| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.6760809 im Receycler und System Volume InformationWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
14.11.2012, 21:55
| #1 |
 |  Trojan.Generic.6760809 im Receycler und System Volume InformationCode:
ATTFilter # AdwCleaner v2.007 - Datei am 14/11/2012 um 21:37:11 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Admin - AIRBORNE1
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Conduit
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1110 octets] - [14/11/2012 20:31:16]
AdwCleaner[S1].txt - [1044 octets] - [14/11/2012 21:37:11]
########## EOF - C:\AdwCleaner[S1].txt - [1104 octets] ##########
OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.11.2012 21:41:50 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 84,30% Memory free 2,35 Gb Paging File | 2,13 Gb Available in Paging File | 90,69% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 233,81 Gb Total Space | 23,13 Gb Free Space | 9,89% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\WINDOWS\system32\UTSCSI.EXE () PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) ========== Modules (No Company Name) ========== MOD - C:\Programme\AVAST Software\Avast\defs\12111401\algo.dll () MOD - C:\Programme\Notepad++\NppShell_04.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\WINDOWS\system32\UTSCSI.EXE () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\Programme\PSPad editor\PSPadShell.dll () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (UTSCSI) -- C:\WINDOWS\system32\UTSCSI.EXE () SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys File not found DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (silabser) -- C:\WINDOWS\system32\drivers\silabser.sys (Silicon Laboratories) DRV - (silabenm) -- C:\WINDOWS\system32\drivers\silabenm.sys (Silicon Laboratories, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (hcwPVRP2) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc) DRV - (IOPort) -- C:\WINDOWS\system32\drivers\IOPORT.SYS (Erik Salaj) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 84 24 3A 9E A5 CD 01 [binary data] IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.edkb.de/wetter/edkb.html" FF - prefs.js..extensions.enabledAddons: listit@csail.mit.edu:0.5.0.2 FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "65.51.181.123" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.11.09 20:44:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:31:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:31:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 22:23:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.12.02 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2010.12.02 23:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.03 08:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions [2012.08.09 20:25:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.11.03 08:37:51 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.01.22 00:19:00 | 001,085,841 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\listit@csail.mit.edu.xpi [2012.08.05 21:17:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 09:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 09:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.28 09:31:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2012.06.19 22:43:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 21:08:48 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.19 22:43:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 22:43:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 22:43:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 22:43:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.12 23:56:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O15 - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1275210071-2049760794-839522115-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2178DDF3-43FF-403C-9D39-9E2062495B6C}: DhcpNameServer = 192.168.0.100 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.27 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.07.10 03:14:07 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 16:56:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.11.13 21:54:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.12 23:57:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012.11.12 23:49:33 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.11.12 23:47:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.11.12 23:47:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.11.12 23:47:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.11.12 23:47:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.11.12 23:46:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.12 23:46:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Videos [2012.11.12 23:46:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.11.12 23:44:41 | 005,000,679 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe [2012.11.12 23:18:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Admin\Desktop\tdsskiller.exe [2012.11.12 23:16:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR.exe [2012.11.12 22:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinPatrol [2012.11.12 22:58:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPatrol [2012.11.12 22:58:33 | 000,000,000 | ---D | C] -- C:\Programme\BillP Studios [2012.11.10 16:02:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc [2012.11.10 16:01:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2012.11.09 20:45:05 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.11.09 20:45:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.11.09 20:45:04 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.11.09 20:45:03 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.11.09 20:45:02 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.11.09 20:45:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.11.09 20:45:01 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.11.09 20:45:01 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.11.09 20:45:01 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.11.09 20:43:56 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.11.09 20:43:54 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.11.09 20:43:31 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.11.09 20:43:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.11.08 22:05:25 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2012.11.08 22:05:25 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2012.11.08 21:37:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2012.11.06 22:03:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\sun [2012.11.06 22:02:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1 [2012.11.06 22:00:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2012.11.06 18:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2012.11.04 12:04:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2012.11.03 18:25:11 | 000,015,600 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys [2012.11.03 18:25:10 | 000,069,552 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2012.11.03 18:21:23 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\GdScrSv.de.dll [2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data [2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.10.29 22:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.28 09:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.14 21:40:00 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.14 21:39:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.14 21:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.14 20:30:44 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe [2012.11.14 17:27:07 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.14 17:21:24 | 000,517,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.14 17:21:24 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.14 17:21:24 | 000,101,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.14 17:21:24 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.14 17:10:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.14 16:44:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2012.11.14 00:47:42 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.13 22:13:53 | 000,000,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mbam.context.scan [2012.11.13 21:06:32 | 000,718,187 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gebäudeversicherung.pdf [2012.11.13 18:04:58 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\jn1rsnny.exe [2012.11.12 23:56:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.12 23:49:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.11.12 23:44:51 | 005,000,679 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe [2012.11.12 23:18:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Admin\Desktop\tdsskiller.exe [2012.11.12 23:17:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Admin\Desktop\aswMBR.exe [2012.11.11 19:41:12 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT [2012.11.10 20:20:22 | 000,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI [2012.11.10 16:59:20 | 000,000,638 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Winamp.lnk [2012.11.10 16:05:31 | 000,062,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 16:01:51 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.11.09 20:45:05 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.11.09 20:45:01 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.11.09 17:54:18 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\480wtml6.exe [2012.11.09 10:55:34 | 000,861,312 | ---- | M] () -- C:\WINDOWS\System32\sig.bin [2012.11.09 10:55:34 | 000,046,027 | ---- | M] () -- C:\WINDOWS\System32\nmp.map [2012.11.08 22:48:11 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lightroom 3.6.lnk [2012.11.08 22:28:28 | 000,000,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.11.08 16:59:58 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.08 16:35:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.08 16:35:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.06 22:02:14 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2012.11.06 21:28:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.06 18:19:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2012.11.06 18:18:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2012.11.04 12:05:51 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.11.03 18:25:11 | 000,015,600 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys [2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.10.30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.10.23 19:20:03 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys ========== Files Created - No Company Name ========== [2012.11.14 20:30:43 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe [2012.11.14 17:10:12 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.11.13 22:13:53 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mbam.context.scan [2012.11.13 21:06:32 | 000,718,187 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gebäudeversicherung.pdf [2012.11.13 18:04:58 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\jn1rsnny.exe [2012.11.12 23:49:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.11.12 23:49:34 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.11.12 23:47:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.11.12 23:47:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.11.12 23:47:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.11.12 23:47:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.11.12 23:47:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.11.10 16:59:20 | 000,000,638 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Winamp.lnk [2012.11.10 16:01:51 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.11.09 20:45:05 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.11.09 20:45:01 | 000,000,354 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.09 17:54:18 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\480wtml6.exe [2012.11.08 22:48:11 | 000,001,814 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lightroom 3.6.lnk [2012.11.08 22:48:10 | 000,001,808 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Photoshop Lightroom 3.6.lnk [2012.11.08 22:28:28 | 000,000,878 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.11.06 22:02:14 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2012.11.06 18:19:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2012.11.06 18:18:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2012.11.04 07:40:08 | 000,861,312 | ---- | C] () -- C:\WINDOWS\System32\sig.bin [2012.11.04 07:40:08 | 000,046,027 | ---- | C] () -- C:\WINDOWS\System32\nmp.map [2012.11.03 09:06:44 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.08.16 21:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI [2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Mono [2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action Clauses [2012.08.16 19:56:17 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Pad [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ambient [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Alerts [2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action [2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT [2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Authentication [2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Applications [2012.08.16 19:54:28 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLeo.DAT [2012.04.03 22:48:42 | 000,036,932 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat [2012.02.15 17:30:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.12 13:46:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\TKWIN.INI [2012.02.05 21:49:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.09.08 21:18:23 | 000,558,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1275210071-2049760794-839522115-1003-0.dat [2011.09.08 21:18:23 | 000,136,238 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.07.21 16:24:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.04.04 21:37:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.03.23 09:41:27 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2011.03.13 15:52:00 | 000,004,726 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini [2011.02.24 21:45:48 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2011.02.13 11:54:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE [2011.01.07 20:08:35 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2011.01.07 20:08:16 | 000,002,285 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2011.01.06 21:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.01.06 21:29:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.01.06 17:44:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.12.12 16:41:47 | 000,006,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin [2010.12.11 20:51:52 | 000,062,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.27 22:57:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2010.11.27 22:54:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll [2010.11.27 21:18:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2010.11.27 21:06:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.27 20:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe [2010.11.27 20:54:50 | 000,000,443 | ---- | C] () -- C:\WINDOWS\hpw0460k.ini [2010.11.27 20:53:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj460.ini [2010.11.27 20:53:31 | 000,001,445 | ---- | C] () -- C:\WINDOWS\mariner.ini [2010.11.27 20:37:30 | 000,035,344 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.11.27 20:37:08 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.11.27 20:36:54 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe [2010.11.27 20:27:01 | 000,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2010.11.27 20:27:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2010.11.27 17:49:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.11.27 13:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.11.27 10:18:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.27 10:15:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.27 10:06:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.27 10:05:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2010.11.27 17:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.09.09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/code] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.11.2012 21:41:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,50 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 84,30% Memory free
2,35 Gb Paging File | 2,13 Gb Available in Paging File | 90,69% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 23,13 Gb Free Space | 9,89% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" = C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe:*:Disabled:Toolbox for HP Printing System for Windows -- (Hewlett-Packard Company)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\PhoenixRC\phoenixRC.exe" = C:\Programme\PhoenixRC\phoenixRC.exe:*:Enabled:phoenixRC -- ()
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147E4062-DC7C-4B74-B64F-0991516C53B0}_is1" = CodeVisionAVR V2.03.4 ATM18 Evaluation
"{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2C7946AF-8AE9-6369-0075-7A3419F59441}" = Catalyst Control Center InstallProxy
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{579CB8A1-9966-4223-943F-05B3CF84C841}" = Microsoft Visual C++ 2008 Samples
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.7.5 (09/2010)
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{656E92B7-1C9A-464F-8269-0D3F6AFDACBB}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility
"{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
"{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}" = HP Deskjet 460
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"DVD-lab PRO_is1" = DVD-lab PRO 1.51 Full
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.4.0
"GIMP-2_is1" = GIMP 2.8.0
"Greenshot_is1" = Greenshot
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"hp deskjet 460 series" = HP Deskjet 460 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"LogView V2" = LogView V2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG-VCR" = MPEG-VCR 3.14.7.5 (09/2010)
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"PCI Audio Driver" = PCI Audio Driver
"PE Builder_is1" = PE Builder 3.1.10a
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"RealVNC_is1" = VNC Free Edition 4.1.3
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 2.0.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.4
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1275210071-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LogView V2 2" = LogView V2 2
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien
gefunden.
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = .NET Runtime | ID = 1026
Description = Anwendung: HelpLibAgent.exe Frameworkversion: v4.0.30319 Beschreibung:
Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen:
System.Net.HttpListenerException Stapel: bei Microsoft.Help.HelpHttpServer.ConnectionManagerThreadStart()
bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart()
Error - 09.09.2011 16:18:12 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien
gefunden.
Error - 09.09.2011 16:18:15 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien
gefunden.
Error - 14.10.2011 10:31:38 | Computer Name = AIRBORNE1 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 15.10.2011 08:53:16 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 7.0.1.4288, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.11.2011 18:08:49 | Computer Name = AIRBORNE1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes
Modul mfc42.dll, Version 6.2.8081.0, Fehleradresse 0x000022be.
Error - 09.12.2011 14:20:41 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 12.11.2012 17:33:53 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7034
Description = Dienst "B's Recorder GOLD Library General Service" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.
Error - 12.11.2012 17:33:53 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 12.11.2012 17:33:53 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NMSAccess" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 12.11.2012 17:33:53 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7034
Description = Dienst "CLCV0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 12.11.2012 17:41:30 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 13.11.2012 12:09:53 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 13.11.2012 17:02:16 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 14.11.2012 11:41:01 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 14.11.2012 12:29:17 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 14.11.2012 16:39:38 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
< End of report >
[/code] |
|
| Themen zu Trojan.Generic.6760809 im Receycler und System Volume Information |
| 7-zip, ad-aware, adobe, antivirus, application/pdf:, avast, bho, einstellungen, error, explorer, firefox, firewall, flash player, ftp, google, helper, icreinstall, index, intranet, logfile, mozilla, panda usb vaccine, pdfforge toolbar, plug-in, prozess, registry, rundll, security, software, system, temp, tracker, trojan.generic., udp, virus, virus total, win32/installcore.d, windows internet |
Hybrid-Darstellung
