
Mülltonne: Trojan.Generic.6760809 in Recycler and System Volume Information


 
10.11.2012, 15:52   #1
EDDK

Trojan.Generic.6760809 in Recycler and System Volume Information



Since my post was apparently in the wrong place, here is the whole thing again under Log Analysis --->>


Hello,

- G Data found Trojan.Generic.6760809 on my computer in Recycler and System Volume Information

- after emptying the Recycle Bin and deleting System Volume Information, no more detections with G Data

- Eset Online only finds

C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ICReinstall\cnet2_CMI8738_WDM_0639XP_zip.exe -> Variante von Win32/InstallCore.D Anwendung

C:\Dokumente und Einstellungen\Simulator\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2631.exe -> Win32/OpenCandy Anwendung

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe -> Win32/Toolbar.Widgi Anwendung



According to VirusTotal, all false positives

- computer otherwise completely without findings or anomalies - all scans clean

- Please check the attached logs to see whether everything is OK again. Thank you very much!









Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: AIRBORNE1 [administrator]

09.11.2012 11:00:08
mbam-log-2012-11-09 (11-00-08).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349100
Time elapsed: 4 hour(s), 37 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

***************************************************************************************************************************


GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-09 20:16:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD2502ABYS-02B7A0 rev.02.03B03
Running: 480wtml6.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\uflcqpog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB903B000, 0x2C28EE, 0xE8000020]

---- EOF - GMER 1.0.15 ----


**********************************************************************************************************************************


Code:
OTL logfile created on: 06.11.2012 19:45:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free
2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
 
Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2002.07.12 15:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.06 10:52:05 | 001,828,864 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\12110601\algo.dll
MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.29 22:23:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.08 22:06:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.02.13 11:54:21 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 05:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.12.08 05:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.11.10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.11.16 15:07:38 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2010.11.16 15:07:38 | 000,019,656 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.09.23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005.09.14 21:01:14 | 000,824,512 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2)
DRV - [2003.11.21 15:20:10 | 000,113,152 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2002.07.16 09:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2001.03.01 03:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 84 24 3A 9E A5 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.edkb.de/wetter/edkb.html"
FF - prefs.js..extensions.enabledAddons: listit@csail.mit.edu:0.5.0.2
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "65.51.181.123"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 22:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.12.02 23:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2010.12.02 23:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.03 08:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions
[2012.08.09 20:25:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.11.03 08:37:51 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.22 00:19:00 | 001,085,841 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\listit@csail.mit.edu.xpi
[2012.08.05 21:17:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kgxzhj47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 09:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.03 18:21:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.10.28 09:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 09:31:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.19 22:43:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 21:08:48 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.19 22:43:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 22:43:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 22:43:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 22:43:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.29 22:25:45 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 18 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2178DDF3-43FF-403C-9D39-9E2062495B6C}: DhcpNameServer = 192.168.0.100
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\programme\g data\internetsecurity\avkkid\avkcks.exe) - c:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.27 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.10 03:14:07 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 18:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.11.04 12:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2012.11.04 12:04:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2012.11.04 11:54:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.03 18:25:11 | 000,015,600 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys
[2012.11.03 18:25:10 | 000,069,552 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2012.11.03 18:21:23 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\GdScrSv.de.dll
[2012.11.03 17:22:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\G Data InternetSecurity 2013
[2012.11.03 17:22:01 | 000,030,200 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2012.11.03 17:22:00 | 000,053,536 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2012.11.03 17:21:58 | 000,046,840 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2012.11.03 17:21:57 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2012.11.03 17:21:57 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2012.11.03 17:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.10.29 22:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.28 09:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.08 22:43:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Sun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.06 20:06:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.06 18:19:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2012.11.06 18:18:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2012.11.06 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.11.06 17:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.06 14:50:39 | 000,855,193 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2012.11.06 14:50:39 | 000,045,869 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2012.11.05 18:09:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 13:40:25 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.04 13:17:37 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.04 12:05:51 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.11.03 22:17:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.11.03 18:25:11 | 000,015,600 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys
[2012.11.03 18:25:10 | 000,069,552 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2012.11.03 18:21:25 | 000,053,536 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2012.11.03 18:21:24 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2012.11.03 18:21:24 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2012.11.03 17:22:01 | 000,030,200 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2012.11.03 17:21:58 | 000,046,840 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2012.11.03 17:21:52 | 000,001,829 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk
[2012.11.03 17:16:03 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.11.03 08:54:19 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.31 23:05:28 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2012.10.28 09:32:16 | 000,517,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.28 09:32:16 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.28 09:32:16 | 000,101,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.28 09:32:16 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.23 19:20:03 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.10.13 14:58:31 | 000,017,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt
[2012.10.11 21:11:19 | 000,420,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf
[2012.10.11 20:56:08 | 000,476,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf
[2012.10.09 16:32:37 | 000,013,684 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.06 18:19:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2012.11.06 18:18:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2012.11.04 07:40:08 | 000,855,193 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2012.11.04 07:40:08 | 000,045,869 | ---- | C] () -- C:\WINDOWS\System32\nmp.map
[2012.11.03 17:21:52 | 000,001,829 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\G Data InternetSecurity.lnk
[2012.11.03 09:06:44 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.10.12 18:44:39 | 000,017,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Diät Lilli.odt
[2012.10.11 21:11:19 | 000,420,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller - ergänze Angaben.pdf
[2012.10.11 20:56:08 | 000,476,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Antrag Tobias Müller.pdf
[2012.10.09 16:32:37 | 000,013,684 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RES_T6G9CF15135_0.pdf
[2012.09.26 22:52:49 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.08.22 22:42:43 | 000,001,607 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.08.16 21:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Mono
[2012.08.16 19:56:17 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action Clauses
[2012.08.16 19:56:17 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Analog Pad
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ambient
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Alerts
[2012.08.16 19:54:51 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Action
[2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2012.08.16 19:54:51 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Authentication
[2012.08.16 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Applications
[2012.08.16 19:54:28 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLeo.DAT
[2012.04.03 22:48:42 | 000,036,932 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2012.04.03 22:48:42 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2012.02.15 17:30:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 13:46:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\TKWIN.INI
[2012.02.05 21:49:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.09.08 21:18:23 | 000,558,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1275210071-2049760794-839522115-1003-0.dat
[2011.09.08 21:18:23 | 000,136,238 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.07.21 16:24:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.04 21:37:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.03.23 09:41:27 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.03.13 15:52:00 | 000,004,726 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2011.02.24 21:45:48 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2011.02.13 11:54:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2011.01.07 20:08:35 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2011.01.07 20:08:16 | 000,002,285 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2011.01.06 21:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.01.06 21:29:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.06 17:44:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.12.12 16:41:47 | 000,006,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin
[2010.12.11 20:51:52 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.27 22:57:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010.11.27 22:54:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010.11.27 21:18:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010.11.27 21:06:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.27 20:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2010.11.27 20:54:50 | 000,000,443 | ---- | C] () -- C:\WINDOWS\hpw0460k.ini
[2010.11.27 20:53:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj460.ini
[2010.11.27 20:53:31 | 000,001,445 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2010.11.27 20:37:30 | 000,035,344 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.11.27 20:37:08 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.11.27 20:36:54 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010.11.27 20:27:01 | 000,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010.11.27 20:27:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.11.27 17:49:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.11.27 13:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.27 10:18:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.27 10:15:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.27 10:06:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.27 10:05:41 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2010.11.27 17:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010.09.09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.04 12:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AIMP3
[2011.03.13 17:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Auslogics
[2011.04.04 21:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service
[2010.12.12 12:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Canneverbe Limited
[2012.11.04 11:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2011.04.02 12:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla
[2012.08.09 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Garmin
[2010.12.30 21:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Greenshot
[2010.12.12 11:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\KeePass
[2011.12.10 00:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LibreOffice
[2012.06.03 13:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LogView
[2011.04.01 21:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MrJobs
[2012.08.16 20:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Nikon
[2012.04.13 22:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Notepad++
[2010.12.10 17:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2010.12.11 17:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Panasonic
[2011.09.18 15:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge
[2012.08.24 13:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape
[2011.03.13 16:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Q-Dir
[2011.12.11 13:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\RavensburgerTipToi
[2012.03.04 17:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung
[2012.01.27 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer
[2010.12.02 23:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2011.06.20 17:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Tracker Software
[2012.11.04 17:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Wireshark
[2010.11.27 12:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.08.16 21:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011.04.04 21:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.12.05 00:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.02.13 12:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2012.11.04 11:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flange Saw
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Framework
[2012.11.03 18:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2012.08.16 19:54:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gems
[2012.08.16 21:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011.05.28 16:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2010.11.27 17:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2012.08.16 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Perl
[2012.11.04 12:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.02.13 14:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMART Technologies
[2011.12.18 14:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.08.16 19:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
 
========== Purity Check ==========
 
 

< End of report >
         

********************************************************************************************************************


Code:
OTL Extras logfile created on: 06.11.2012 19:45:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 70,03% Memory free
2,35 Gb Paging File | 1,79 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 233,81 Gb Total Space | 20,47 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 986,24 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
 
Computer Name: AIRBORNE1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" = C:\Programme\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe:*:Disabled:Toolbox for HP Printing System for Windows -- (Hewlett-Packard Company)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\PhoenixRC\phoenixRC.exe" = C:\Programme\PhoenixRC\phoenixRC.exe:*:Enabled:phoenixRC -- ()
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147E4062-DC7C-4B74-B64F-0991516C53B0}_is1" = CodeVisionAVR V2.03.4 ATM18 Evaluation
"{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2C7946AF-8AE9-6369-0075-7A3419F59441}" = Catalyst Control Center InstallProxy
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{579CB8A1-9966-4223-943F-05B3CF84C841}" = Microsoft Visual C++ 2008 Samples
"{59F646AD-A378-4783-8638-EA1AD92E1153}_is1" = MPEG-VCR 3.14.7.5 (09/2010)
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{656E92B7-1C9A-464F-8269-0D3F6AFDACBB}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility
"{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
"{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}" = HP Deskjet 460
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"DVD-lab PRO_is1" = DVD-lab PRO 1.51 Full
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.4.0
"GIMP-2_is1" = GIMP 2.8.0
"Greenshot_is1" = Greenshot
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"hp deskjet 460 series" = HP Deskjet 460 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"LogView V2" = LogView V2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG-VCR" = MPEG-VCR 3.14.7.5 (09/2010)
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"PCI Audio Driver" = PCI Audio Driver
"PE Builder_is1" = PE Builder 3.1.10a
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"RealVNC_is1" = VNC Free Edition 4.1.3
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 2.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.4
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LogView V2 2" = LogView V2 2
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 08.09.2011 16:10:26 | Computer Name = AIRBORNE1 | Source = .NET Runtime | ID = 1026
Description = Anwendung: HelpLibAgent.exe Frameworkversion: v4.0.30319 Beschreibung:
 Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen:
 System.Net.HttpListenerException Stapel:    bei Microsoft.Help.HelpHttpServer.ConnectionManagerThreadStart()

   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)    bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object)    bei System.Threading.ThreadHelper.ThreadStart()

 
Error - 09.09.2011 16:18:12 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 09.09.2011 16:18:15 | Computer Name = AIRBORNE1 | Source = Help Index | ID = 1003
Description = Für das Produkt "VS\100\de-DE" wurden keine gültigen Indexdateien 
gefunden.
 
Error - 14.10.2011 10:31:38 | Computer Name = AIRBORNE1 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 15.10.2011 08:53:16 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 7.0.1.4288, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.11.2011 18:08:49 | Computer Name = AIRBORNE1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wintv.exe, Version 6.0.26080.0, fehlgeschlagenes
 Modul mfc42.dll, Version 6.2.8081.0, Fehleradresse 0x000022be.
 
Error - 09.12.2011 14:20:41 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.12.2011 14:20:42 | Computer Name = AIRBORNE1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 8.0.0.4325, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 03.11.2012 12:26:33 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 03.11.2012 13:23:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 02:37:01 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 03:37:41 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 10:03:25 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.11.2012 11:19:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 05.11.2012 13:09:49 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 02:01:51 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 09:40:10 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 06.11.2012 12:56:34 | Computer Name = AIRBORNE1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
 
< End of report >
         

Alt 10.11.2012, 16:58   #2
M-K-D-B
/// TB-Ausbilder
 

One thread is enough.

It continues here.