|
Log analysis and evaluation: White desktop "Webseite kann nicht angezeigt werden": removal possible even without admin rights? (Windows 7) If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
13.09.2012, 08:28 | #1 |
| White desktop "Webseite kann nicht angezeigt werden": removal possible even without admin rights? My work laptop is infected. I ran OTL; where do I put the log file? Can you do anything at all if I am not logged in as admin? OTL Logfile: Code:
OTL logfile created on: 13.09.2012 09:11:22 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Dokumente und Einstellungen\roma1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 80,12% Memory free
3,60 Gb Paging File | 3,43 Gb Available in Paging File | 95,37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 230,87 Gb Total Space | 197,46 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,51 Gb Free Space | 75,53% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: ***** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
========== Services (SafeList) ==========
SRV - (0009511266567397mcinstcleanup) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\000951~1.EXE C:\PROGRA~1\GEMEIN~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (McAfeeFramework) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (McTaskManager) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) SRV - (ImapiService) -- C:\WINDOWS\system32\imapihp.exe (Microsoft Corporation) SRV - (DpHost) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (HP ProtectTools Service) -- c:\Programme\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (vcsFPService) -- C:\WINDOWS\system32\vcsFPService.exe (Validity Sensors, Inc.) SRV - (HP Power Assistant Service) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard) SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV - (FLCDLOCK) -- C:\WINDOWS\system32\flcdlock.exe (Hewlett-Packard Ltd) SRV - (HpFkCryptService) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (yksvc) -- C:\WINDOWS\system32\yk51x86.dll (Marvell) SRV - (HPFSService) -- c:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (ac.sharedstore) -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe (ActivIdentity) SRV - (stllssvr) -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) 
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems) SRV - (WmiApRpl) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Programme\1&1\IGDCTRL.EXE (AVM Berlin) SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (risdpcie) -- C:\WINDOWS\system32\drivers\risdpe86.sys (REDC) DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc) DRV - (DAMDrv) -- C:\WINDOWS\system32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (SbAlg) -- C:\WINDOWS\System32\drivers\SbAlg.sys (McAfee, Inc.) DRV - (SbFsLock) -- C:\WINDOWS\System32\drivers\SbFsLock.sys (McAfee, Inc.) DRV - (RsvLock) -- C:\WINDOWS\System32\drivers\rsvlock.sys (McAfee, Inc.) DRV - (SafeBoot) -- C:\WINDOWS\System32\drivers\SafeBoot.sys (McAfee, Inc.) DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (rixdpcie) -- C:\WINDOWS\system32\drivers\rixdpe86.sys (REDC) DRV - (rimspci) -- C:\WINDOWS\system32\drivers\rimspe86.sys (REDC) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (Net6IM) -- C:\WINDOWS\system32\drivers\net6im51.sys (Citrix Systems, Inc.) 
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG) DRV - (hpdskflt) -- C:\WINDOWS\system32\drivers\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation) DRV - (WmiApRpl) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll (Microsoft Corporation) DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation) DRV - (Amddfltr) -- C:\WINDOWS\system32\drivers\Amddfltr.sys (Advanced Micro Devices) DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt. 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c290c4de-ecf7-477d-a817-06f83529308d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.intraflad.de IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes,DefaultScope = {7936CD9A-9F9F-418B-A068-3EA333CAAAB1} IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{7936CD9A-9F9F-418B-A068-3EA333CAAAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: win32-64@anonymous.org:0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4118 FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2009.10.19 18:14:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.06 13:00:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Programme\SiteAdvisor\6173\FF\ FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M] [2012.02.28 21:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Extensions [2012.09.07 19:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions [2012.05.19 12:50:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.02 14:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.01.11 17:57:07 | 000,000,000 | ---D | M] (Win32+64) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\WIN32-64@ANONYMOUS.ORG [2012.09.06 13:00:50 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAMME\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2009.10.19 18:14:23 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAMME\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110902145109.dll (McAfee, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe () O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKLM..\Run: [File Sanitizer] c:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [Atlwmi] C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\D3dcsc\pnpdvd.exe () O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [phonostarTimer] \\fileserver\Eigene Dateien\Benutzer-Daten\roma1\Eigene Dateien\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [tnwrafxsfylsprr] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1 O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1 O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1 O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
HideLogoffScripts = 1 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] 
http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266837310140 (MUWebControl Class) O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.flad.de/net6helper.cab (Net6Launcher Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flad-intern.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC1CEEA1-D5D5-43EE-BE53-0A36BA5800E2}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) 
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity) O20 - Winlogon\Notify\acunlock: DllName - (C:\Programme\ActivIdentity\ActivClient\acunlock.dll) - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{164ce1f0-5e8a-11e0-8424-00271387540d}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\laucher.exe O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== 
[2012.09.13 09:10:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe [2012.09.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo [2012.09.06 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\honey [2012.09.06 13:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemake [2012.09.06 13:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2012.09.06 13:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Freemake [2012.09.04 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\HDX4 [2012.09.04 18:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\bungee [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.13 09:10:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe [2012.09.13 09:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.12 22:57:30 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2012.09.12 19:30:49 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.09.12 19:30:49 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Avira DE-Cleaner.lnk [2012.09.12 18:48:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.10 15:25:47 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.10 14:40:15 | 
000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.10 14:40:00 | 000,054,272 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe
[2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk
[2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk
[2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.16 12:40:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.09.10 14:40:14 | 000,054,272 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe
[2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat
[2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin
[2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat
[2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys
[2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

========== LOP Check ==========
[2012.04.11 16:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology
[2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy
[2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS
[2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona
[2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems
[2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft
[2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent
[2011.03.14 01:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\D3dcsc
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FBConnect
[2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ!
[2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo
[2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr
[2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle
[2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH
[2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer

========== Purity Check ==========

< End of report >

OTL Logfile: Code:
000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae [2012.09.10 14:40:00 | 000,054,272 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe [2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk [2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol [2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk [2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk [2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk [2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.16 12:40:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.10 14:40:14 | 000,054,272 | ---- | C] () -- C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe [2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae [2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk [2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat [2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat [2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat [2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin [2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat [2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat [2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol [2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys [2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol ========== LOP Check ========== [2012.04.11 16:41:12 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology [2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy [2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED [2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES [2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS [2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo [2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona [2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems [2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft [2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent [2011.03.14 01:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\D3dcsc [2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona [2011.01.11 17:57:07 | 000,000,000 
| ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FBConnect [2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ! [2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo [2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr [2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle [2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH [2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer ========== Purity Check ========== < End of report > |
16.09.2012, 07:28 | #2 |
/// the machine /// TB instructor | White desktop "Web page cannot be displayed" Removal also possible without admin rights? Hi,
Sorry for the delay. Do you still need help?
__________________ |
16.09.2012, 16:37 | #3 |
| White desktop "Web page cannot be displayed" Removal also possible without admin rights? Hello,
Yes, that would be great. Just so that it is unlocked for now. After that I'll run a virus scanner over it, get the data to safety, and then reinstall it. |
16.09.2012, 16:48 | #4 |
/// the machine /// TB instructor | White desktop "Web page cannot be displayed" Removal also possible without admin rights? Hi, Fix with OTL
Code:
:OTL
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [tnwrafxsfylsprr] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tnwrafxs.exe ()
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [Atlwmi] C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\D3dcsc\pnpdvd.exe ()
[2011.03.14 01:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\D3dcsc
:Commands
[emptytemp]
Please post a fresh OTL logfile.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.09.2012, 17:06 | #5 |
| White desktop "Web page cannot be displayed" Removal also possible without admin rights? There was no text document with it... but I'll run a new scan and then post the logfile. OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.09.2012 18:09:07 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,92% Memory free 3,60 Gb Paging File | 3,02 Gb Available in Paging File | 83,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 230,87 Gb Total Space | 197,88 Gb Free Space | 85,71% Space Free | Partition Type: NTFS Drive D: | 2,00 Gb Total Space | 1,51 Gb Free Space | 75,53% Space Free | Partition Type: FAT32 Computer Name: WS-0285 | User Name: roma1 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe PRC - [2011.11.17 00:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe PRC - [2011.06.08 04:06:00 | 000,333,120 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2011.06.08 04:06:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe PRC - [2009.09.02 20:03:22 | 000,694,352 | ---- | M] (DigitalPersona, Inc.) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2009.08.27 10:58:32 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe PRC - [2009.08.20 13:15:54 | 001,640,504 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe PRC - [2009.08.20 13:12:26 | 000,361,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe PRC - [2009.08.13 13:11:06 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2009.07.15 11:01:38 | 011,258,368 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe PRC - [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe PRC - [2009.06.03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe PRC - [2009.06.03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe PRC - [2009.05.05 14:56:52 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.05.05 14:56:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.04.21 18:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2009.04.03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) 
-- C:\Programme\WinZip\WZQKPICK.EXE PRC - [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 09:02:02 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.15 07:23:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.15 07:23:25 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.14 21:59:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll MOD - [2012.06.14 21:58:53 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll MOD - [2012.06.14 21:57:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.09 21:36:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.09 19:59:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 19:58:35 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll MOD - 
[2012.05.09 19:58:23 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll MOD - [2012.05.09 19:57:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012.05.09 19:57:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 19:57:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe MOD - [2010.10.01 14:06:52 | 002,278,912 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\****\Eigene Dateien\phonostar-Player\QtCore4.dll MOD - [2010.09.10 16:07:26 | 000,416,256 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\plugins\sqldrivers\qsqlite4.dll MOD - [2010.09.10 13:20:48 | 008,151,040 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtGui4.dll MOD - [2010.09.10 13:06:58 | 000,190,464 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtSql4.dll MOD - [2010.02.25 13:12:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll MOD - [2010.02.25 13:12:20 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll MOD - [2010.02.25 13:12:16 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.02.25 
13:12:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.08.20 13:15:54 | 000,051,256 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\Graphs.dll MOD - [2009.08.20 13:15:50 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll MOD - [2009.08.20 13:12:26 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll MOD - [2009.08.20 13:12:24 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll MOD - [2009.08.17 12:26:20 | 000,300,600 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009.05.05 14:00:32 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2009.05.05 13:58:00 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Unknown] -- -- (0009511266567397mcinstcleanup) SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.09.02 14:50:49 | 000,159,320 | ---- | M] () [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.09.02 14:50:49 | 000,145,936 | ---- | M] (McAfee, Inc.) 
[Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.08 04:06:00 | 000,132,416 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011.01.12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009.10.19 18:59:45 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService) SRV - [2009.09.02 20:03:22 | 000,303,184 | ---- | M] (DigitalPersona, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV - [2009.08.26 13:52:02 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2009.08.20 18:27:48 | 001,615,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService) SRV - [2009.08.20 13:15:50 | 000,095,800 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV - [2009.08.20 13:12:26 | 000,096,312 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV - [2009.08.17 12:30:20 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Unknown] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK) SRV - [2009.08.12 16:59:10 | 000,277,024 | ---- | M] (McAfee, Inc.) 
[Auto | Unknown] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2009.08.05 22:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2009.07.17 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Unknown] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc) SRV - [2009.07.15 11:01:26 | 000,293,376 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2009.06.17 12:21:20 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2009.06.03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2009.04.30 13:59:38 | 000,074,392 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Unknown] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2009.03.13 20:12:40 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Unknown] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Unknown] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2011.09.02 14:50:49 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.09.02 14:50:49 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2011.09.02 14:50:49 | 000,116,104 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.09.02 14:50:49 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2011.09.02 14:50:49 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.09.02 14:50:49 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009.09.05 19:57:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009.08.31 23:55:08 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2009.08.17 09:51:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2009.08.13 07:27:06 | 004,125,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.08.12 17:01:18 | 000,051,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.08.12 17:01:08 | 000,013,184 | ---- | M] (McAfee, Inc.) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.08.12 17:01:06 | 000,040,016 | ---- | M] (McAfee, Inc.) 
[Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.08.12 17:01:04 | 000,110,448 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.08.10 17:14:04 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2009.08.05 22:00:42 | 001,644,211 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2009.07.17 10:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2009.07.04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009.07.02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci) DRV - [2009.06.02 03:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.06.02 02:57:44 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2009.05.15 18:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009.05.07 02:01:38 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2009.05.07 02:01:38 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009.05.07 02:01:38 | 000,037,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2009.05.07 02:01:36 | 000,992,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009.05.07 02:01:36 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009.04.21 19:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009.03.13 20:13:06 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.09.10 19:32:54 | 000,049,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM) DRV - [2008.07.23 21:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.05.23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.05.23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2008.04.14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008.03.13 01:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) 
[Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\Amddfltr.sys -- (Amddfltr) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi) DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt. 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c290c4de-ecf7-477d-a817-06f83529308d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.intraflad.de
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes,DefaultScope = {7936CD9A-9F9F-418B-A068-3EA333CAAAB1}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{7936CD9A-9F9F-418B-A068-3EA333CAAAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: win32-64@anonymous.org:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4118
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2009.10.19 18:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.06 13:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Programme\SiteAdvisor\6173\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]

[2012.02.28 21:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Extensions
[2012.09.07 19:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions
[2012.05.19 12:50:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.02 14:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] (Win32+64) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\WIN32-64@ANONYMOUS.ORG
[2012.09.06 13:00:50 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAMME\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009.10.19 18:14:23 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAMME\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110902145109.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [phonostarTimer] \\fileserver\Eigene Dateien\Benutzer-Daten\roma1\Eigene Dateien\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266837310140 (MUWebControl Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.flad.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flad-intern.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC1CEEA1-D5D5-43EE-BE53-0A36BA5800E2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Programme\ActivIdentity\ActivClient\acunlock.dll) - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{164ce1f0-5e8a-11e0-8424-00271387540d}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.09.16 18:13:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\roma1\Recent
[2012.09.16 18:04:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.16 18:03:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2012.09.06 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\honey
[2012.09.06 13:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemake
[2012.09.06 13:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2012.09.06 13:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Freemake
[2012.09.04 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\HDX4
[2012.09.04 18:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\bungee
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.16 18:07:43 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.16 18:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.16 17:37:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.13 15:02:39 | 003,790,788 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.13 11:02:50 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.09.13 11:02:49 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Avira DE-Cleaner.lnk
[2012.09.13 10:37:12 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.10 14:40:15 | 000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk
[2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk
[2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.13 15:02:39 | 003,790,788 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat
[2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin
[2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat
[2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys
[2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

========== LOP Check ==========

[2012.04.11 16:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology
[2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy
[2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS
[2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona
[2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems
[2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft
[2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FBConnect
[2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ!
[2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo
[2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr
[2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle
[2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH
[2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 16.09.2012 18:09:07 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,92% Memory free
3,60 Gb Paging File | 3,02 Gb Available in Paging File | 83,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 230,87 Gb Total Space | 197,88 Gb Free Space | 85,71% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,51 Gb Free Space | 75,53% Space Free | Partition Type: FAT32

Computer Name: WS-0285 | User Name: roma1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
PRC - [2011.11.17 00:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.06.08 04:06:00 | 000,333,120 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2011.06.08 04:06:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
PRC - [2009.09.02 20:03:22 | 000,694,352 | ---- | M] (DigitalPersona, Inc.) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009.08.27 10:58:32 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2009.08.20 13:15:54 | 001,640,504 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2009.08.20 13:12:26 | 000,361,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009.08.13 13:11:06 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2009.07.15 11:01:38 | 011,258,368 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2009.06.03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2009.06.03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009.05.05 14:56:52 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.05.05 14:56:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.04.21 18:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009.04.03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.15 09:02:02 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.15 07:23:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 07:23:25 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 21:59:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012.06.14 21:58:53 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.06.14 21:57:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.09 21:36:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.09 19:59:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.09 19:58:35 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.09 19:58:23 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.05.09 19:57:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.05.09 19:57:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 19:57:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
MOD - [2010.10.01 14:06:52 | 002,278,912 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\****\Eigene Dateien\phonostar-Player\QtCore4.dll
MOD - [2010.09.10 16:07:26 | 000,416,256 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 13:20:48 | 008,151,040 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtGui4.dll
MOD - [2010.09.10 13:06:58 | 000,190,464 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtSql4.dll
MOD - [2010.02.25 13:12:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.02.25 13:12:20 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010.02.25 13:12:16 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.02.25 13:12:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 13:15:54 | 000,051,256 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\Graphs.dll
MOD - [2009.08.20 13:15:50 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:26 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:24 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2009.08.17 12:26:20 | 000,300,600 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.05.05 14:00:32 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.05.05 13:58:00 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- -- (0009511266567397mcinstcleanup)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.09.02 14:50:49 | 000,159,320 | ---- | M] () [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.09.02 14:50:49 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.08 04:06:00 | 000,132,416 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.01.12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.10.19 18:59:45 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService)
SRV - [2009.09.02 20:03:22 | 000,303,184 | ---- | M] (DigitalPersona, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.08.26 13:52:02 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009.08.20 18:27:48 | 001,615,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.08.20 13:15:50 | 000,095,800 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009.08.20 13:12:26 | 000,096,312 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009.08.17 12:30:20 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Unknown] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009.08.12 16:59:10 | 000,277,024 | ---- | M] (McAfee, Inc.)
[Auto | Unknown] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2009.08.05 22:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2009.07.17 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Unknown] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc) SRV - [2009.07.15 11:01:26 | 000,293,376 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2009.06.17 12:21:20 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2009.06.03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2009.04.30 13:59:38 | 000,074,392 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Unknown] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2009.03.13 20:12:40 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Unknown] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Unknown] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2011.09.02 14:50:49 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.09.02 14:50:49 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2011.09.02 14:50:49 | 000,116,104 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.09.02 14:50:49 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2011.09.02 14:50:49 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.09.02 14:50:49 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009.09.05 19:57:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009.08.31 23:55:08 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2009.08.17 09:51:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2009.08.13 07:27:06 | 004,125,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.08.12 17:01:18 | 000,051,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.08.12 17:01:08 | 000,013,184 | ---- | M] (McAfee, Inc.) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.08.12 17:01:06 | 000,040,016 | ---- | M] (McAfee, Inc.) 
[Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.08.12 17:01:04 | 000,110,448 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.08.10 17:14:04 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2009.08.05 22:00:42 | 001,644,211 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2009.07.17 10:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2009.07.04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009.07.02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci) DRV - [2009.06.02 03:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.06.02 02:57:44 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2009.05.15 18:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009.05.07 02:01:38 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2009.05.07 02:01:38 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009.05.07 02:01:38 | 000,037,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2009.05.07 02:01:36 | 000,992,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009.05.07 02:01:36 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009.04.21 19:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009.03.13 20:13:06 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.09.10 19:32:54 | 000,049,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM) DRV - [2008.07.23 21:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.05.23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.05.23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2008.04.14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008.03.13 01:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) 
[Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\Amddfltr.sys -- (Amddfltr)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c290c4de-ecf7-477d-a817-06f83529308d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.intraflad.de
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes,DefaultScope = {7936CD9A-9F9F-418B-A068-3EA333CAAAB1}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{7936CD9A-9F9F-418B-A068-3EA333CAAAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: win32-64@anonymous.org:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4118
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2009.10.19 18:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.06 13:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Programme\SiteAdvisor\6173\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]

[2012.02.28 21:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Extensions
[2012.09.07 19:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions
[2012.05.19 12:50:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.02 14:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] (Win32+64) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\WIN32-64@ANONYMOUS.ORG
[2012.09.06 13:00:50 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAMME\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009.10.19 18:14:23 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAMME\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110902145109.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [phonostarTimer] \\fileserver\Eigene Dateien\Benutzer-Daten\roma1\Eigene Dateien\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266837310140 (MUWebControl Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.flad.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flad-intern.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC1CEEA1-D5D5-43EE-BE53-0A36BA5800E2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Programme\ActivIdentity\ActivClient\acunlock.dll) - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{164ce1f0-5e8a-11e0-8424-00271387540d}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.16 18:13:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\roma1\Recent [2012.09.16 18:04:24 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.16 18:03:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe [2012.09.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo [2012.09.06 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\honey [2012.09.06 13:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemake [2012.09.06 13:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2012.09.06 13:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Freemake [2012.09.04 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\HDX4 [2012.09.04 18:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\bungee [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.16 18:07:43 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2012.09.16 18:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe [2012.09.16 17:37:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.13 15:02:39 | 003,790,788 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip [2012.09.13 11:02:50 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.09.13 11:02:49 | 000,001,814 | ---- | 
M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Avira DE-Cleaner.lnk [2012.09.13 10:37:12 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.10 14:40:15 | 000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae [2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk [2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol [2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk [2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk [2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk [2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name 
========== [2012.09.13 15:02:39 | 003,790,788 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip [2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae [2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk [2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat [2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat [2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat [2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin [2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat [2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat [2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol [2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys [2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All 
Users\ntuser.pol ========== LOP Check ========== [2012.04.11 16:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology [2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy [2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED [2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES [2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS [2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo [2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona [2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems [2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft [2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent [2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona [2011.01.11 17:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\roma1\Anwendungsdaten\FBConnect [2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ! [2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo [2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr [2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle [2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH [2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer ========== Purity Check ========== < End of report > |
16.09.2012, 17:17 | #6 |
/// the machine /// TB-Ausbilder | What are the current problems with the computer? |
16.09.2012, 17:26 | #7 |
| It's running, thank you very much. That's enough for what I want to back up. The machine will then be wiped. It's great what you do here. Thanks |
16.09.2012, 17:28 | #8 |
/// the machine /// TB-Ausbilder | Hehe, a quick fix from the hip
__________________ Regards, schrauber |
16.09.2012, 17:29 | #9 |
| Nice! Have a nice Sunday |