Log analysis and evaluation: Google results redirect to wrong pages (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.10.2012, 15:12 | #16
/// Selecta Jahrusso | Google results redirect to wrong pages. Sorry for the delay. Work and school are keeping me pretty "in shape" right now. Any more problems?
__________________ Regards, Daniel. ASAP & UNITE Member. Alliance of Security Analysis Professionals. Unified Network of Instructors and Trusted Eliminators. Learn to fight back and support us! TB Akademie
18.10.2012, 15:55 | #17
Google results redirect to wrong pages. Hi Daniel, not for a while now.
You still seemed to have some concerns; the malware that was still found had no obvious effects. Thanks for the effort, you're doing a good job.
18.10.2012, 22:12 | #18
/// Selecta Jahrusso | Google results redirect to wrong pages. Let's take one more look at a final set of OTL logs.
Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.
22.10.2012, 12:14 | #19
Google results redirect to wrong pages. OTL logfile:
Code:
OTL logfile created on: 22.10.2012 13:03:03 - Run 3
OTL by OldTimer - Version 3.2.68.0 Folder = D:\Dokumente und Einstellungen\Günther\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767,48 Mb Total Physical Memory | 352,91 Mb Available Physical Memory | 45,98% Memory free
1,83 Gb Paging File | 1,27 Gb Available in Paging File | 69,14% Paging File free
Paging file location(s): D:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 3,91 Gb Total Space | 0,28 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 37,26 Gb Total Space | 12,74 Gb Free Space | 34,20% Space Free | Partition Type: NTFS
Drive E: | 24,70 Gb Total Space | 0,87 Gb Free Space | 3,52% Space Free | Partition Type: FAT32
Drive F: | 111,79 Gb Total Space | 76,49 Gb Free Space | 68,42% Space Free | Partition Type: NTFS
Computer Name: RECHTS | User Name: Günther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\System Explorer\SystemExplorer.exe (Mister Group) PRC - D:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - D:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\PTBSync\PTBSync.exe (ElmüSoft) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - D:\Programme\System Explorer\service\SystemExplorerService.exe (Mister Group) PRC - D:\Programme\NVDA\nvda_service.exe (NV Access Limited) PRC - D:\Programme\open3A\apache\bin\apache.exe (Apache Software Foundation) PRC - D:\Programme\open3A\mysql\bin\mysqld-nt.exe () PRC - D:\Programme\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) PRC - D:\Programme\FileZilla Server\FileZilla server.exe (FileZilla Project) PRC - D:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - D:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - D:\Programme\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.) PRC - D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - D:\Programme\Unlocker\UnlockerAssistant.exe () PRC - D:\Programme\Outlook Express\msimn.exe (Microsoft Corporation) PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\PTFB\PTFB.exe (Technology Lighthouse) PRC - D:\WINDOWS\system32\dolserve.exe (Dolphin Oceanic Ltd.) PRC - D:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) PRC - D:\Programme\Neolec Crystal OP\LwbWheel.exe () PRC - D:\Programme\Babylon Translator\babylon.exe (Babylon Ltd.) 
PRC - D:\WINDOWS\speech\vcmd.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - D:\Programme\Mozilla Firefox\mozjs.dll () MOD - D:\Programme\open3A\apache\bin\libmysql.dll () MOD - D:\Programme\open3A\apache\bin\libpq.dll () MOD - D:\Programme\open3A\mysql\bin\mysqld-nt.exe () MOD - D:\Programme\NVDA\_ctypes.pyd () MOD - D:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - D:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - D:\Programme\NVDA\servicemanager.pyd () MOD - D:\Programme\NVDA\win32api.pyd () MOD - D:\Programme\NVDA\win32service.pyd () MOD - D:\Programme\NVDA\pywintypes27.dll () MOD - D:\Programme\Unlocker\UnlockerAssistant.exe () MOD - D:\Programme\Unlocker\UnlockerHook.dll () MOD - D:\WINDOWS\system32\nvapi.dll () MOD - D:\Programme\Neolec Crystal OP\MouseDll.dll () MOD - D:\Programme\Neolec Crystal OP\LwbWheel.exe () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MsMpSvc) -- D:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SystemExplorerHelpService) -- D:\Programme\System Explorer\service\SystemExplorerService.exe (Mister Group) SRV - (nvda) -- D:\Programme\NVDA\nvda_service.exe (NV Access Limited) SRV - (Apache2.2) -- D:\Programme\open3A\apache\bin\apache.exe (Apache Software Foundation) SRV - (mysql) -- D:\Programme\open3A\mysql\bin\mysqld-nt.exe () SRV - (ServiceLayer) -- D:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FileZilla Server) -- D:\Programme\FileZilla Server\FileZilla server.exe 
(FileZilla Project) SRV - (Nero BackItUp Scheduler 4.0) -- D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (DolphinInterceptorStartup) -- D:\WINDOWS\system32\dolserve.exe (Dolphin Oceanic Ltd.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (CFcatchme) -- D:\DOKUME~1\GNTHER~1\LOKALE~1\Temp\CFcatchme.sys File not found DRV - (catchme) -- D:\ComboFix\catchme.sys File not found DRV - (WinRing0_1_2_0) -- D:\WINDOWS\system32\drivers\ptbring0.sys (OpenLibSys.org) DRV - (MBAMProtector) -- D:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (pccsmcfd) -- D:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (PortTalk) -- D:\WINDOWS\system32\drivers\ptbtalk.sys (Beyond Logic Beyondlogic) DRV - (nmwcdc) -- D:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- D:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- D:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (teamviewervpn) -- D:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (UFBFilte) -- D:\WINDOWS\system32\drivers\UFBFilte.sys (????--?) DRV - (slabbus) -- D:\WINDOWS\system32\drivers\slabbus.sys (MCCI) DRV - (viaagp1) -- D:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.) 
DRV - (fpcibase) -- D:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH) DRV - (AVMWAN) -- D:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {DF21B326-B87E-496D-AB18-685E54F7EAA9} IE - HKCU\..\SearchScopes\{DF21B326-B87E-496D-AB18-685E54F7EAA9}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.meteox.de/gmap.aspx?soort=loop3uur&zoom=7&lat=52.2385&lon=10.5385|https://safecart.com/pcutilitiespro/.op-special/purchase|hxxp://download.web.de/toolbar/firefox/runonce.html|chrome://unitedtb/content/pref/opt-in.xhtml" FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\Programme\Java\jre6\lib\deploy\jqs\ff [2012.03.12 14:33:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.10 13:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.02.29 14:20:03 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Extensions [2012.10.11 14:19:44 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Firefox\Profiles\4nldfmer.default\extensions [2012.10.10 17:00:12 | 000,002,273 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Firefox\Profiles\4nldfmer.default\searchplugins\englische-ergebnisse.xml [2012.09.10 13:48:04 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions [2012.09.10 13:48:21 | 000,000,000 | ---D | M] (Default) -- D:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.10 13:48:21 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll [2012.08.15 15:30:41 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 14:50:48 | 000,002,465 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml [2012.08.15 15:30:41 | 000,001,153 | ---- | M] () -- 
D:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.05 14:50:48 | 000,003,581 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\google.xml [2012.08.15 15:30:41 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.15 15:30:41 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.15 15:30:41 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.08 13:07:25 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe (Joachim Stroemer) O4 - HKLM..\Run: [LWBMOUSE] D:\Programme\Neolec Crystal OP\LwbWheel.exe () O4 - HKLM..\Run: [MSC] D:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Omnipage] D:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) O4 - HKLM..\Run: [PTBSync] D:\Programme\PTBSync\PTBSync.exe (ElmüSoft) O4 - HKLM..\Run: [UnlockerAssistant] D:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [Babylon Translator] D:\Programme\Babylon Translator\babylon.exe (Babylon Ltd.) O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [FileZilla Server Interface] D:\Programme\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) O4 - HKCU..\Run: [SystemExplorerAutoStart] D:\Programme\System Explorer\SystemExplorer.exe (Mister Group) O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = D:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\PTFB.lnk = D:\Programme\PTFB\PTFB.exe (Technology Lighthouse) O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\Total Commander.lnk = D:\Programme\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.) 
O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\Verknüpfung mit msimn.lnk = D:\Programme\Outlook Express\msimn.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe File 
not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225890083727 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8B4E240-5ACC-4D6D-84C1-B89172D0518E}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - 
D:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.08 14:08:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.18 13:32:25 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\FileZilla
[2012.10.18 13:32:15 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\FileZilla FTP Client
[2012.10.18 13:32:11 | 000,000,000 | ---D | C] -- D:\Programme\FileZilla FTP Client
[2012.10.18 12:48:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla Server
[2012.10.18 12:48:23 | 000,000,000 | ---D | C] -- D:\Programme\FileZilla Server
[2012.10.17 12:56:58 | 000,000,000 | ---D | C] -- D:\Programme\ESET
[2012.10.17 12:46:43 | 000,000,000 | ---D | C] -- D:\_OTL
[2012.10.10 16:15:35 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.10.10 15:55:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012.10.01 16:46:41 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2012.10.01 16:46:41 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2012.10.01 16:46:41 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2012.10.01 16:46:41 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2012.10.01 16:46:27 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012.10.01 16:46:19 | 000,000,000 | R--D | C] -- D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Verwaltung
[2012.10.01 16:45:56 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt
[2012.09.26 15:23:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012.10.22 13:06:53 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{E9B1A2C8-E9A4-47B0-A184-99AFD58F38C6}.job
[2012.10.22 13:05:00 | 000,001,798 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\PTBSync-AutoExport-Günther.ini
[2012.10.22 12:13:55 | 000,000,386 | -H-- | M] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.10.22 12:04:59 | 000,004,933 | ---- | M] () -- D:\WINDOWS\wincmd.ini
[2012.10.22 12:04:45 | 000,088,566 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2012.10.22 12:03:48 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.10.22 12:03:47 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.10.22 12:03:45 | 804,835,328 | -HS- | M] () -- D:\hiberfil.sys
[2012.10.18 12:48:27 | 000,001,724 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.10.17 16:24:39 | 000,001,065 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2012.10.11 17:47:15 | 000,000,375 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.ics
[2012.10.10 16:15:22 | 000,001,917 | ---- | M] () -- D:\WINDOWS\epplauncher.mif
[2012.10.10 16:00:09 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012.10.08 13:07:25 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2012.10.08 12:36:16 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.08 12:36:14 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.04 14:46:20 | 017,805,468 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Alto2 CD-image.nrg
[2012.10.04 14:31:19 | 000,000,086 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Topfield HD-Receiver Test und Testberichte.URL
[2012.10.01 15:21:56 | 005,988,760 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\topfield crt2401 Anl..pdf
[2012.09.26 16:34:11 | 000,069,895 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\trojaner-board.rtf
[2012.09.26 15:23:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012.10.18 12:48:27 | 000,001,724 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.10.10 16:29:44 | 000,000,386 | -H-- | C] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.10.04 14:46:04 | 017,805,468 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Alto2 CD-image.nrg
[2012.10.04 14:31:19 | 000,000,086 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Topfield HD-Receiver Test und Testberichte.URL
[2012.10.01 18:13:18 | 005,988,760 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\topfield crt2401 Anl..pdf
[2012.10.01 16:46:41 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2012.10.01 16:46:41 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2012.10.01 16:46:41 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2012.10.01 16:46:41 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2012.10.01 16:46:41 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2012.09.26 16:34:11 | 000,069,895 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\trojaner-board.rtf
[2012.09.10 15:23:57 | 000,005,407 | ---- | C] () -- D:\WINDOWS\my.ini
[2012.09.10 13:59:02 | 000,000,142 | ---- | C] () -- D:\WINDOWS\System32\gdichain.ini
[2012.09.10 13:58:48 | 000,000,380 | ---- | C] () -- D:\WINDOWS\dcmuser.ini
[2012.08.29 13:30:27 | 000,000,060 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\mbam.context.scan
[2012.07.30 12:47:32 | 000,000,238 | ---- | C] () -- D:\WINDOWS\System32\xscan32.dat
[2012.07.30 11:07:08 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\CNMVS6y.DLL
[2012.06.05 13:45:45 | 000,000,000 | ---- | C] () -- D:\WINDOWS\PLEXTRS.INI
[2012.02.15 13:24:19 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011.11.29 19:22:11 | 000,132,520 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\w11 cd1.jpg
[2011.11.29 19:21:56 | 000,147,209 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\w11 cd2.jpg
[2010.02.23 19:42:39 | 000,007,168 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.06 16:38:25 | 000,021,616 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\image010.jpg
[2009.06.29 12:40:24 | 000,022,723 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\UL25100.pdf
[2009.05.11 14:21:01 | 000,868,675 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Poster A1 Hallenplan 2009.pdf
[2009.04.23 11:50:04 | 000,151,972 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\2009_05rechnung_4763659586.pdf
[2009.04.01 15:22:27 | 000,022,921 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\UL25079.pdf
[2009.03.11 15:12:49 | 000,988,743 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Katalog-2008.pdf

========== ZeroAccess Check ==========

[2009.03.19 13:43:20 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 22.10.2012 13:03:03 - Run 3
OTL by OldTimer - Version 3.2.68.0 Folder = D:\Dokumente und Einstellungen\Günther\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

767,48 Mb Total Physical Memory | 352,91 Mb Available Physical Memory | 45,98% Memory free
1,83 Gb Paging File | 1,27 Gb Available in Paging File | 69,14% Paging File free
Paging file location(s): D:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 3,91 Gb Total Space | 0,28 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 37,26 Gb Total Space | 12,74 Gb Free Space | 34,20% Space Free | Partition Type: NTFS
Drive E: | 24,70 Gb Total Space | 0,87 Gb Free Space | 3,52% Space Free | Partition Type: FAT32
Drive F: | 111,79 Gb Total Space | 76,49 Gb Free Space | 68,42% Space Free | Partition Type: NTFS

Computer Name: RECHTS | User Name: Günther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SlimBrowserHtml] -- D:\Programme\SlimBrowser\sbframe.exe (FlashPeak Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "D:\Programme\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Soulseek\slsk.exe" = D:\Programme\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"D:\Programme\deepinvent\MailStore Home\MailStoreLocal.exe" = D:\Programme\deepinvent\MailStore Home\MailStoreLocal.exe:*:Enabled:MailStore Home -- (deepinvent Software GmbH)
"D:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe" = D:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"D:\Programme\TeamViewer\Version5\TeamViewer.exe" = D:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079B4FC8-3E7E-431D-89D3-5BDABDD2621B}_is1" = open3A 1.6
"{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2df687b7-34fa-43ec-bc98-f154d8a88090}" = Nero 9
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 3.9.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C40BB83A-F30A-4308-AA58-6C9BF73C12D2}" = kapmanager
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CBE331E3-CB6B-46a3-A669-2C6DABBA2601}" = TheWorld Browser 2.4 Final (2.4.0.7)
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D55D670B-8C3C-434B-89C2-9D7F79C4F0B8}" = PTFB
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E41142B9-79FC-47D7-A2A9-A3D146C447AC}" = kapmanager
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{e73a9892-0062-4b33-b27d-b89cdf4d91fa}" = Gracenote Plug-in
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adress Little 2.0_is1" = Adress Little 2.0
"Babylon Translator" = Babylon Translator
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.0
"CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865
"C-Media Audio" = C-Media 3D Audio
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dMC Power Pack" = dMC Power Pack
"DolphinHal_Demo" = Hal Professionell 30 Minuten Demo
"EasyRechnung" = EasyRechnung
"ESET Online Scanner" = ESET Online Scanner v3
"FileOpenPatcher" = FileOpenPatcher
"FileZilla Server" = FileZilla Server
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Freeware Faktura" = Freeware Faktura 2012.04.20
"Freeware.de Toolbar" = Freeware.de Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{7D1C2184-C19D-471F-906E-4239BC7B27F8}" = PLEXTALK Recording Software 2.05.02.00
"MailStore Home 2.7.2_is1" = MailStore Home 2.7.2.2033
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MWSnap 3" = MWSnap 3
"NVDA" = NVDA
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)
"SLABCOMM" = CP2101 USB to UART Bridge Controller
"SlimBrowser" = FlashPeak SlimBrowser
"Soulseek2" = SoulSeek 157 NS 13e
"ST6UNST #1" = Rechnung
"System Explorer_is1" = System Explorer 3.7.1
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.8.7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.10.2012 06:18:41 | Computer Name = RECHTS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 04.10.2012 06:18:41 | Computer Name = RECHTS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. .

Error - 04.10.2012 06:18:45 | Computer Name = RECHTS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 10.10.2012 10:15:23 | Computer Name = RECHTS | Source = Microsoft Security Client | ID = 5000
Description =

Error - 11.10.2012 06:53:03 | Computer Name = RECHTS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 11.10.2012 07:43:21 | Computer Name = RECHTS | Source = MsiInstaller | ID = 10005
Description = Product: Nero Live -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error - 11.10.2012 08:13:30 | Computer Name = RECHTS | Source = MsiInstaller | ID = 10005
Description = Product: Advertising Center -- This .msi file cannot be executed. Please start Setup.exe to install this application

Error - 18.10.2012 09:13:59 | Computer Name = RECHTS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 22.10.2012 06:05:23 | Computer Name = RECHTS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 22.10.2012 06:05:23 | Computer Name = RECHTS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. .

[ System Events ]
Error - 17.10.2012 06:46:47 | Computer Name = RECHTS | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 17.10.2012 06:49:18 | Computer Name = RECHTS | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Canon 2 (USB), Freigabename Drucker6.

Error - 17.10.2012 06:50:23 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

Error - 17.10.2012 07:43:05 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

Error - 17.10.2012 07:43:58 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

Error - 17.10.2012 08:04:42 | Computer Name = RECHTS | Source = SideBySide | ID = 16842810
Description = Syntaxfehler in der Manifest- oder Richtliniendatei "D:\Programme\Nero\Nero 9\Nero Express\AudioPluginMgr\APM_MSAxp.dll" in Zeile 1.

Error - 17.10.2012 08:04:42 | Computer Name = RECHTS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für D:\Programme\Nero\Nero 9\Nero Express\AudioPluginMgr\APM_MSAxp.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 18.10.2012 05:38:22 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

Error - 18.10.2012 10:02:36 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

Error - 22.10.2012 06:04:52 | Computer Name = RECHTS | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding

< End of report >

Thanks, Günther |
22.10.2012, 12:15 | #20 |
| Google results lead to wrong pages OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2012 13:03:03 - Run 3 OTL by OldTimer - Version 3.2.68.0 Folder = D:\Dokumente und Einstellungen\Günther\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,48 Mb Total Physical Memory | 352,91 Mb Available Physical Memory | 45,98% Memory free 1,83 Gb Paging File | 1,27 Gb Available in Paging File | 69,14% Paging File free Paging file location(s): D:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 3,91 Gb Total Space | 0,28 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive D: | 37,26 Gb Total Space | 12,74 Gb Free Space | 34,20% Space Free | Partition Type: NTFS Drive E: | 24,70 Gb Total Space | 0,87 Gb Free Space | 3,52% Space Free | Partition Type: FAT32 Drive F: | 111,79 Gb Total Space | 76,49 Gb Free Space | 68,42% Space Free | Partition Type: NTFS Computer Name: RECHTS | User Name: Günther | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\System Explorer\SystemExplorer.exe (Mister Group) PRC - D:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - D:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\PTBSync\PTBSync.exe (ElmüSoft) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - D:\Programme\System Explorer\service\SystemExplorerService.exe (Mister Group) PRC - D:\Programme\NVDA\nvda_service.exe (NV Access Limited) PRC - D:\Programme\open3A\apache\bin\apache.exe (Apache Software Foundation) PRC - D:\Programme\open3A\mysql\bin\mysqld-nt.exe () PRC - D:\Programme\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) PRC - D:\Programme\FileZilla Server\FileZilla server.exe (FileZilla Project) PRC - D:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - D:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - D:\Programme\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.) PRC - D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - D:\Programme\Unlocker\UnlockerAssistant.exe () PRC - D:\Programme\Outlook Express\msimn.exe (Microsoft Corporation) PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\PTFB\PTFB.exe (Technology Lighthouse) PRC - D:\WINDOWS\system32\dolserve.exe (Dolphin Oceanic Ltd.) PRC - D:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) PRC - D:\Programme\Neolec Crystal OP\LwbWheel.exe () PRC - D:\Programme\Babylon Translator\babylon.exe (Babylon Ltd.) 
PRC - D:\WINDOWS\speech\vcmd.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Programme\open3A\apache\bin\libmysql.dll ()
MOD - D:\Programme\open3A\apache\bin\libpq.dll ()
MOD - D:\Programme\open3A\mysql\bin\mysqld-nt.exe ()
MOD - D:\Programme\NVDA\_ctypes.pyd ()
MOD - D:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - D:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - D:\Programme\NVDA\servicemanager.pyd ()
MOD - D:\Programme\NVDA\win32api.pyd ()
MOD - D:\Programme\NVDA\win32service.pyd ()
MOD - D:\Programme\NVDA\pywintypes27.dll ()
MOD - D:\Programme\Unlocker\UnlockerAssistant.exe ()
MOD - D:\Programme\Unlocker\UnlockerHook.dll ()
MOD - D:\WINDOWS\system32\nvapi.dll ()
MOD - D:\Programme\Neolec Crystal OP\MouseDll.dll ()
MOD - D:\Programme\Neolec Crystal OP\LwbWheel.exe ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- D:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SystemExplorerHelpService) -- D:\Programme\System Explorer\service\SystemExplorerService.exe (Mister Group)
SRV - (nvda) -- D:\Programme\NVDA\nvda_service.exe (NV Access Limited)
SRV - (Apache2.2) -- D:\Programme\open3A\apache\bin\apache.exe (Apache Software Foundation)
SRV - (mysql) -- D:\Programme\open3A\mysql\bin\mysqld-nt.exe ()
SRV - (ServiceLayer) -- D:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FileZilla Server) -- D:\Programme\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (Nero BackItUp Scheduler 4.0) -- D:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (DolphinInterceptorStartup) -- D:\WINDOWS\system32\dolserve.exe (Dolphin Oceanic Ltd.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (CFcatchme) -- D:\DOKUME~1\GNTHER~1\LOKALE~1\Temp\CFcatchme.sys File not found
DRV - (catchme) -- D:\ComboFix\catchme.sys File not found
DRV - (WinRing0_1_2_0) -- D:\WINDOWS\system32\drivers\ptbring0.sys (OpenLibSys.org)
DRV - (MBAMProtector) -- D:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (pccsmcfd) -- D:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (PortTalk) -- D:\WINDOWS\system32\drivers\ptbtalk.sys (Beyond Logic Beyondlogic)
DRV - (nmwcdc) -- D:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- D:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- D:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (teamviewervpn) -- D:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (UFBFilte) -- D:\WINDOWS\system32\drivers\UFBFilte.sys (????--?)
DRV - (slabbus) -- D:\WINDOWS\system32\drivers\slabbus.sys (MCCI)
DRV - (viaagp1) -- D:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
DRV - (fpcibase) -- D:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- D:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {DF21B326-B87E-496D-AB18-685E54F7EAA9}
IE - HKCU\..\SearchScopes\{DF21B326-B87E-496D-AB18-685E54F7EAA9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.meteox.de/gmap.aspx?soort=loop3uur&zoom=7&lat=52.2385&lon=10.5385|https://safecart.com/pcutilitiespro/.op-special/purchase|hxxp://download.web.de/toolbar/firefox/runonce.html|chrome://unitedtb/content/pref/opt-in.xhtml"
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\Programme\Java\jre6\lib\deploy\jqs\ff [2012.03.12 14:33:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.10 13:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.02.29 14:20:03 | 000,000,000 | ---D | M]

(No name found) -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Extensions
[2012.10.11 14:19:44 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Firefox\Profiles\4nldfmer.default\extensions
[2012.10.10 17:00:12 | 000,002,273 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\Mozilla\Firefox\Profiles\4nldfmer.default\searchplugins\englische-ergebnisse.xml
[2012.09.10 13:48:04 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2012.09.10 13:48:21 | 000,000,000 | ---D | M] (Default) -- D:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.09.10 13:48:21 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.15 15:30:41 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 14:50:48 | 000,002,465 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.15 15:30:41 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.05 14:50:48 | 000,003,581 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\google.xml
[2012.08.15 15:30:41 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.15 15:30:41 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.15 15:30:41 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.08 13:07:25 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - D:\Programme\Freeware.de\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdressLittle] D:\Programme\Adress Little 2.0\ageb.exe (Joachim Stroemer)
O4 - HKLM..\Run: [LWBMOUSE] D:\Programme\Neolec Crystal OP\LwbWheel.exe ()
O4 - HKLM..\Run: [MSC] D:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Omnipage] D:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PTBSync] D:\Programme\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKLM..\Run: [UnlockerAssistant] D:\Programme\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Babylon Translator] D:\Programme\Babylon Translator\babylon.exe (Babylon Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileZilla Server Interface] D:\Programme\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKCU..\Run: [SystemExplorerAutoStart] D:\Programme\System Explorer\SystemExplorer.exe (Mister Group)
O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = D:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\PTFB.lnk = D:\Programme\PTFB\PTFB.exe (Technology Lighthouse)
O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\Total Commander.lnk = D:\Programme\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
O4 - Startup: D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Autostart\Verknüpfung mit msimn.lnk = D:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225890083727 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8B4E240-5ACC-4D6D-84C1-B89172D0518E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.08 14:08:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.18 13:32:25 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\FileZilla
[2012.10.18 13:32:15 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\FileZilla FTP Client
[2012.10.18 13:32:11 | 000,000,000 | ---D | C] -- D:\Programme\FileZilla FTP Client
[2012.10.18 12:48:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla Server
[2012.10.18 12:48:23 | 000,000,000 | ---D | C] -- D:\Programme\FileZilla Server
[2012.10.17 12:56:58 | 000,000,000 | ---D | C] -- D:\Programme\ESET
[2012.10.17 12:46:43 | 000,000,000 | ---D | C] -- D:\_OTL
[2012.10.10 16:15:35 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Günther\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.10.10 15:55:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012.10.01 16:46:41 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2012.10.01 16:46:41 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2012.10.01 16:46:41 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2012.10.01 16:46:41 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2012.10.01 16:46:27 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012.10.01 16:46:19 | 000,000,000 | R--D | C] -- D:\Dokumente und Einstellungen\Günther\Startmenü\Programme\Verwaltung
[2012.10.01 16:45:56 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt
[2012.09.26 15:23:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012.10.22 13:06:53 | 000,000,422 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{E9B1A2C8-E9A4-47B0-A184-99AFD58F38C6}.job
[2012.10.22 13:05:00 | 000,001,798 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\PTBSync-AutoExport-Günther.ini
[2012.10.22 12:13:55 | 000,000,386 | -H-- | M] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.10.22 12:04:59 | 000,004,933 | ---- | M] () -- D:\WINDOWS\wincmd.ini
[2012.10.22 12:04:45 | 000,088,566 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2012.10.22 12:03:48 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012.10.22 12:03:47 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012.10.22 12:03:45 | 804,835,328 | -HS- | M] () -- D:\hiberfil.sys
[2012.10.18 12:48:27 | 000,001,724 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.10.17 16:24:39 | 000,001,065 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2012.10.11 17:47:15 | 000,000,375 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.ics
[2012.10.10 16:15:22 | 000,001,917 | ---- | M] () -- D:\WINDOWS\epplauncher.mif
[2012.10.10 16:00:09 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012.10.08 13:07:25 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2012.10.08 12:36:16 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.08 12:36:14 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.04 14:46:20 | 017,805,468 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Alto2 CD-image.nrg
[2012.10.04 14:31:19 | 000,000,086 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Topfield HD-Receiver Test und Testberichte.URL
[2012.10.01 15:21:56 | 005,988,760 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Desktop\topfield crt2401 Anl..pdf
[2012.09.26 16:34:11 | 000,069,895 | ---- | M] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\trojaner-board.rtf
[2012.09.26 15:23:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Günther\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012.10.18 12:48:27 | 000,001,724 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.10.10 16:29:44 | 000,000,386 | -H-- | C] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.10.04 14:46:04 | 017,805,468 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Alto2 CD-image.nrg
[2012.10.04 14:31:19 | 000,000,086 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\Topfield HD-Receiver Test und Testberichte.URL
[2012.10.01 18:13:18 | 005,988,760 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Desktop\topfield crt2401 Anl..pdf
[2012.10.01 16:46:41 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2012.10.01 16:46:41 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2012.10.01 16:46:41 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2012.10.01 16:46:41 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2012.10.01 16:46:41 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2012.09.26 16:34:11 | 000,069,895 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Eigene Dateien\trojaner-board.rtf
[2012.09.10 15:23:57 | 000,005,407 | ---- | C] () -- D:\WINDOWS\my.ini
[2012.09.10 13:59:02 | 000,000,142 | ---- | C] () -- D:\WINDOWS\System32\gdichain.ini
[2012.09.10 13:58:48 | 000,000,380 | ---- | C] () -- D:\WINDOWS\dcmuser.ini
[2012.08.29 13:30:27 | 000,000,060 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Anwendungsdaten\mbam.context.scan
[2012.07.30 12:47:32 | 000,000,238 | ---- | C] () -- D:\WINDOWS\System32\xscan32.dat
[2012.07.30 11:07:08 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\CNMVS6y.DLL
[2012.06.05 13:45:45 | 000,000,000 | ---- | C] () -- D:\WINDOWS\PLEXTRS.INI
[2012.02.15 13:24:19 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2011.11.29 19:22:11 | 000,132,520 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\w11 cd1.jpg
[2011.11.29 19:21:56 | 000,147,209 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\w11 cd2.jpg
[2010.02.23 19:42:39 | 000,007,168 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.06 16:38:25 | 000,021,616 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\image010.jpg
[2009.06.29 12:40:24 | 000,022,723 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\UL25100.pdf
[2009.05.11 14:21:01 | 000,868,675 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Poster A1 Hallenplan 2009.pdf
[2009.04.23 11:50:04 | 000,151,972 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\2009_05rechnung_4763659586.pdf
[2009.04.01 15:22:27 | 000,022,921 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\UL25079.pdf
[2009.03.11 15:12:49 | 000,988,743 | ---- | C] () -- D:\Dokumente und Einstellungen\Günther\Katalog-2008.pdf

========== ZeroAccess Check ==========

[2009.03.19 13:43:20 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.10.2012 13:03:03 - Run 3 OTL by OldTimer - Version 3.2.68.0 Folder = D:\Dokumente und Einstellungen\Günther\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,48 Mb Total Physical Memory | 352,91 Mb Available Physical Memory | 45,98% Memory free 1,83 Gb Paging File | 1,27 Gb Available in Paging File | 69,14% Paging File free Paging file location(s): D:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 3,91 Gb Total Space | 0,28 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive D: | 37,26 Gb Total Space | 12,74 Gb Free Space | 34,20% Space Free | Partition Type: NTFS Drive E: | 24,70 Gb Total Space | 0,87 Gb Free Space | 3,52% Space Free | Partition Type: FAT32 Drive F: | 111,79 Gb Total Space | 76,49 Gb Free Space | 68,42% Space Free | Partition Type: NTFS Computer Name: RECHTS | User Name: Günther | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = SlimBrowserHtml] -- D:\Programme\SlimBrowser\sbframe.exe (FlashPeak Inc.) 
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "D:\Programme\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 
445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\Programme\Soulseek\slsk.exe" = D:\Programme\Soulseek\slsk.exe:*:Enabled:SoulSeek -- () "D:\Programme\deepinvent\MailStore Home\MailStoreLocal.exe" = D:\Programme\deepinvent\MailStore Home\MailStoreLocal.exe:*:Enabled:MailStore Home -- (deepinvent 
Software GmbH) "D:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe" = D:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.) "D:\Programme\TeamViewer\Version5\TeamViewer.exe" = D:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{079B4FC8-3E7E-431D-89D3-5BDABDD2621B}_is1" = open3A 1.6 "{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0 "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2df687b7-34fa-43ec-bc98-f154d8a88090}" = Nero 9 "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0 "{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 3.9.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter 
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool 
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C40BB83A-F30A-4308-AA58-6C9BF73C12D2}" = kapmanager "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CBE331E3-CB6B-46a3-A669-2C6DABBA2601}" = TheWorld Browser 2.4 Final (2.4.0.7) "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{D55D670B-8C3C-434B-89C2-9D7F79C4F0B8}" = PTFB "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E41142B9-79FC-47D7-A2A9-A3D146C447AC}" = kapmanager "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{e73a9892-0062-4b33-b27d-b89cdf4d91fa}" = Gracenote Plug-in "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adress Little 2.0_is1" = Adress Little 2.0 "Babylon Translator" = Babylon Translator "Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.0 "CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865 "C-Media Audio" = C-Media 3D Audio 
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter "dMC Power Pack" = dMC Power Pack "DolphinHal_Demo" = Hal Professionell 30 Minuten Demo "EasyRechnung" = EasyRechnung "ESET Online Scanner" = ESET Online Scanner v3 "FileOpenPatcher" = FileOpenPatcher "FileZilla Server" = FileZilla Server "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader_is1" = Foxit Reader "Freeware Faktura" = Freeware Faktura 2012.04.20 "Freeware.de Toolbar" = Freeware.de Toolbar "ie8" = Windows Internet Explorer 8 "InstallShield_{7D1C2184-C19D-471F-906E-4239BC7B27F8}" = PLEXTALK Recording Software 2.05.02.00 "MailStore Home 2.7.2_is1" = MailStore Home 2.7.2.2033 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.50 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "MWSnap 3" = MWSnap 3 "NVDA" = NVDA "NVIDIA Drivers" = NVIDIA Drivers "PhotoFiltre" = PhotoFiltre "PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender) "SLABCOMM" = CP2101 USB to UART Bridge Controller "SlimBrowser" = FlashPeak SlimBrowser "Soulseek2" = SoulSeek 157 NS 13e "ST6UNST #1" = Rechnung "System Explorer_is1" = System Explorer 3.7.1 "TeamViewer 5" = TeamViewer 5 "Totalcmd" = Total Commander (Remove or Repair) "Unlocker" = Unlocker 1.8.7 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.5.3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.10.2012 06:18:41 | Computer Name = RECHTS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 04.10.2012 06:18:41 | Computer Name = RECHTS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 04.10.2012 06:18:45 | Computer Name = RECHTS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 10.10.2012 10:15:23 | Computer Name = RECHTS | Source = Microsoft Security Client | ID = 5000 Description = Error - 11.10.2012 06:53:03 | Computer Name = RECHTS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 11.10.2012 07:43:21 | Computer Name = RECHTS | Source = MsiInstaller | ID = 10005 Description = Product: Nero Live -- This .msi file cannot be executed. Please start Setup.exe to install this application Error - 11.10.2012 08:13:30 | Computer Name = RECHTS | Source = MsiInstaller | ID = 10005 Description = Product: Advertising Center -- This .msi file cannot be executed. Please start Setup.exe to install this application Error - 18.10.2012 09:13:59 | Computer Name = RECHTS | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.10.2012 06:05:23 | Computer Name = RECHTS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 22.10.2012 06:05:23 | Computer Name = RECHTS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . 
[ System Events ] Error - 17.10.2012 06:46:47 | Computer Name = RECHTS | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 17.10.2012 06:49:18 | Computer Name = RECHTS | Source = Print | ID = 19 Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Canon 2 (USB), Freigabename Drucker6. Error - 17.10.2012 06:50:23 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding Error - 17.10.2012 07:43:05 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding Error - 17.10.2012 07:43:58 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding Error - 17.10.2012 08:04:42 | Computer Name = RECHTS | Source = SideBySide | ID = 16842810 Description = Syntaxfehler in der Manifest- oder Richtliniendatei "D:\Programme\Nero\Nero 9\Nero Express\AudioPluginMgr\APM_MSAxp.dll" in Zeile 1. Error - 17.10.2012 08:04:42 | Computer Name = RECHTS | Source = SideBySide | ID = 16842811 Description = Generate Activation Context ist für D:\Programme\Nero\Nero 9\Nero Express\AudioPluginMgr\APM_MSAxp.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Error - 18.10.2012 05:38:22 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. 
Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding Error - 18.10.2012 10:02:36 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding Error - 22.10.2012 06:04:52 | Computer Name = RECHTS | Source = DCOM | ID = 10000 Description = Ein DCOM-Server konnte nicht gestartet werden: {FB7199AB-79BF-11D2-8D94-0000F875C541}. Fehler: "%3" aufgetreten beim Starten dieses Befehls: D:\Programme\Messenger\msmsgs.exe -Embedding < End of report >
Thanks, Günther. Oops, that was the same thing twice |
23.10.2012, 18:27 | #21 |
/// Selecta Jahrusso | Googelergebnisse leiten auf falsche Seiten Hi, and sorry. I have a lot on my plate right now. Your Java is out of date. Older versions contain security holes that can be abused by malware.
Before the following step, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
ATTFilter Combofix /Uninstall This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Please download OTC. Start the tool with a double-click. This will remove most of the logfiles, tools etc. that we needed. If anything remains, please delete it manually. Here are a few more tips on securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ --> Googelergebnisse leiten auf falsche Seiten |
24.10.2012, 12:02 | #22 |
| Googelergebnisse leiten auf falsche Seiten Hi, thanks, everything's fine. Ciao, Günther |