|
Plagegeister aller Art und deren Bekämpfung: GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.12.2012, 12:29 | #1 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Moin moin, mich hat der GVU-Trojaner mit Webcam erwischt. Abgesicherter Modus lief auch nicht. Folglich habe ich mir nach Recherche hier im board die "OTLPENet.exe" von Oldtimer runter geladen und auf CD gebrannt. Nach Start des Rechners über diese Boot-Cd OTLPENet laufen lassen und den Scan gefahren. Hier ist die OTL.txt Code:
ATTFilter OTL logfile created on: 12/30/2012 11:44:41 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46.60 Gb Total Space | 31.55 Gb Free Space | 67.71% Space Free | Partition Type: NTFS Drive D: | 3.03 Gb Total Space | 3.02 Gb Free Space | 99.46% Space Free | Partition Type: NTFS Drive E: | 104.40 Gb Total Space | 100.57 Gb Free Space | 96.34% Space Free | Partition Type: NTFS Drive F: | 507.81 Gb Total Space | 50.81 Gb Free Space | 10.00% Space Free | Partition Type: NTFS Drive G: | 1005.85 Gb Total Space | 849.86 Gb Free Space | 84.49% Space Free | Partition Type: NTFS Drive H: | 195.32 Gb Total Space | 195.25 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive I: | 14.81 Gb Total Space | 14.74 Gb Free Space | 99.53% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/12/30 02:23:28 | 000,214,528 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll -- (winmgmt) SRV - [2012/12/12 05:35:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/05 10:33:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/24 17:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/05/01 18:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 17:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/02/09 23:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009/12/15 07:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- G:\Games\RPG\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/10/10 17:02:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/04/27 03:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 17:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 14:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/01/17 07:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011/01/14 02:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010/12/10 00:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/12/10 00:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010/11/02 06:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Media\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/03 15:52:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Tools\Firefox\components [2012/12/05 10:33:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Tools\Firefox\plugins [2012/12/05 10:32:58 | 000,000,000 | ---D | M] O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] E:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\*****_ON_C..\Run: [DAEMON Tools Lite] E:\Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\*****_ON_C..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = E:\Office\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/15 07:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/12/30 10:57:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\LocalService\Recent [2012/12/30 02:23:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll [2012/12/29 17:26:29 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2012/12/29 17:23:17 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2012/12/29 17:23:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2012/12/29 17:23:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2012/12/29 17:23:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2012/12/29 17:23:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2012/12/29 17:23:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2012/12/29 17:23:15 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2012/12/29 17:23:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2012/12/29 17:23:14 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2012/12/29 17:23:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2012/12/29 17:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2012/12/29 17:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2012/12/29 17:23:11 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2012/12/29 17:23:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2012/12/29 17:23:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2012/12/29 17:23:10 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2012/12/29 17:23:10 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2012/12/29 17:23:10 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2012/12/29 17:23:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2012/12/29 17:23:09 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2012/12/29 17:23:09 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2012/12/29 17:23:09 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2012/12/29 17:23:09 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2012/12/29 17:23:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2012/12/29 17:23:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2012/12/29 17:23:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2012/12/29 17:23:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2012/12/29 17:23:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2012/12/29 17:23:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2012/12/29 17:23:06 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2012/12/29 17:23:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2012/12/29 17:23:06 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2012/12/29 17:23:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2012/12/29 17:23:05 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2012/12/29 17:23:05 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2012/12/29 17:23:05 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2012/12/29 17:23:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2012/12/29 17:23:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2012/12/29 17:23:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2012/12/29 17:23:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2012/12/29 17:23:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2012/12/29 17:23:03 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2012/12/29 17:22:10 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dotNetFx35setup.exe [2012/12/29 17:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Star Vault [2012/12/23 07:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Downloads [2012/12/23 07:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\TomTom [2012/12/23 07:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\TomTom [2012/12/23 07:27:21 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2012/12/23 07:27:14 | 000,000,000 | ---D | C] -- C:\Programme\MyTomTom 3 [2012/12/20 19:06:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Birth of the Empires [2012/12/20 19:06:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Birth of the Empires Alpha 6.1 [2012/12/20 03:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2012/12/20 03:58:59 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2012/12/15 14:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012/12/15 14:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\R.G. Mechanics [2012/12/15 14:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Telltale Games [2012/12/15 14:35:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2012/12/15 14:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012/12/10 16:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Bioshock [2012/12/10 16:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012/12/10 16:09:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SecuROM [2012/12/10 15:31:52 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012/12/08 19:49:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Application Data [2012/12/03 15:05:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012/12/03 15:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012/12/03 15:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2012/12/03 14:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2012/12/03 14:59:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Google [2012/12/03 14:59:11 | 000,000,000 | ---D | C] -- C:\Programme\Google [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/30 04:03:39 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/12/30 04:03:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/30 04:01:35 | 000,002,984 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012/12/30 03:57:31 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/30 02:23:35 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk [2012/12/30 02:23:28 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll [2012/12/30 01:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/29 17:22:10 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012/12/29 17:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Star Vault [2012/12/23 07:28:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/21 13:48:20 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/20 19:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Birth of the Empires Alpha 6.1 [2012/12/20 03:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012/12/15 14:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\R.G. Mechanics [2012/12/12 05:35:06 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/12/12 05:35:06 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/12/10 15:31:52 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012/12/09 18:31:15 | 000,070,656 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/03 15:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012/12/03 15:05:28 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/30 02:23:35 | 000,002,984 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012/12/30 02:23:34 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk [2012/12/30 02:23:30 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/12/29 17:22:10 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012/11/24 08:08:07 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT [2012/08/03 15:54:43 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012/08/03 15:42:31 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/08/03 15:42:31 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/07/22 04:03:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2012/07/22 04:03:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2012/07/16 04:08:00 | 000,070,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/15 11:57:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/07/15 08:57:37 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012/07/15 08:46:26 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2012/07/15 08:46:24 | 000,031,155 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2012/07/15 08:46:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2012/07/15 07:15:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/07/15 07:14:38 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/07/15 07:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/07/15 07:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/07/15 07:12:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/07/15 07:11:54 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/07/15 07:04:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/07/15 07:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/14 07:00:00 | 000,492,418 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008/04/14 07:00:00 | 000,472,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/14 07:00:00 | 000,090,676 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008/04/14 07:00:00 | 000,075,808 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/11/30 03:19:45 | 000,000,618 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/03/17 02:33:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/03/17 02:32:28 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2012/07/28 01:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Ashampoo [2012/12/17 15:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012/12/01 16:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\BitTorrent [2012/08/29 16:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Black Sea Studios [2012/11/24 08:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon [2012/10/10 17:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DAEMON Tools Lite [2012/11/07 12:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FunnyGames [2012/09/02 13:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ImgBurn [2012/07/25 03:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MetaQuotes [2012/07/26 03:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\OpenOffice.org [2012/10/30 12:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Taunton [2012/12/15 14:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012/09/10 10:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Utherverse [2012/07/28 01:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2012/09/18 15:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2012/11/24 08:10:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2012/11/24 08:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012/10/10 17:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012/07/25 03:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MetaQuotes [2012/10/10 17:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RELOADED ========== Purity Check ========== < End of report > Hier die Extra.txt Code:
ATTFilter OTL Extras logfile created on: 12/30/2012 11:44:41 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46.60 Gb Total Space | 31.55 Gb Free Space | 67.71% Space Free | Partition Type: NTFS Drive D: | 3.03 Gb Total Space | 3.02 Gb Free Space | 99.46% Space Free | Partition Type: NTFS Drive E: | 104.40 Gb Total Space | 100.57 Gb Free Space | 96.34% Space Free | Partition Type: NTFS Drive F: | 507.81 Gb Total Space | 50.81 Gb Free Space | 10.00% Space Free | Partition Type: NTFS Drive G: | 1005.85 Gb Total Space | 849.86 Gb Free Space | 84.49% Space Free | Partition Type: NTFS Drive H: | 195.32 Gb Total Space | 195.25 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive I: | 14.81 Gb Total Space | 14.74 Gb Free Space | 99.53% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Media\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [open] -- explorer.exe "%1" (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Media\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe" = G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare) "G:\Games\RPG\Dragon Age\DAOriginsLauncher.exe" = G:\Games\RPG\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins-Launcher -- (BioWare) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "E:\Market\MetaTrader5\metatester.exe" = E:\Market\MetaTrader5\metatester.exe:*:Enabled:MetaTrader 5 Strategy Tester Agent -- (MetaQuotes Software Corp.) "G:\Games\Simulation\Utherverse VWW Client\Utherverse.exe" = G:\Games\Simulation\Utherverse VWW Client\Utherverse.exe:*:Enabled:Utherverse "E:\Media\Winamp\winamp.exe" = E:\Media\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe" = G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare) "E:\Tools\bitTorrent\BitTorrent.exe" = E:\Tools\bitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\7zS0264\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\7zS0264\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS -- (Hewlett-Packard) "G:\Games\Strategie\Birth of the Empires Alpha 6.1\BotE.exe" = G:\Games\Strategie\Birth of the Empires Alpha 6.1\BotE.exe:*:Enabled:Birth of the Empires -- (Sir Pustekuchen) "G:\Games\RPG\Mortal Online\Mortal Online Launcher.exe" = G:\Games\RPG\Mortal Online\Mortal Online Launcher.exe:*:Enabled:Mortal Online Launcher -- (Star Vault) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0A753859-207A-436C-BB49-B0A4FA72F91E}_is1" = Birth of the Empires 0.81 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{4F75616F-49C7-4EA2-8725-7E1A7AB1949C}" = Nero InfoTool 11 Help (CHM) "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}" = Nero 11 InfoTool "{69764F1C-55E1-4219-BDC5-299CD95FF004}_is1" = Mortal Online "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A90E924E-1B35-44B0-978E-3F6F89FBC960}" = Nero InfoTool 11 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7311566-7EA9-4213-A7F8-E0C237EFAD16}" = UFO Extraterrestrials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "Avira AntiVir Desktop" = Avira Free Antivirus "BitTorrent" = BitTorrent "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "HP PrecisionScan LTX" = HP PrecisionScan LTX "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MetaTrader 5" = MetaTrader 5 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MyTomTom" = MyTomTom 3.2.0.802 "Recuva" = Recuva "The Walking Dead_R.G. Mechanics_is1" = The Walking Dead "VLC media player" = VLC media player 2.0.2 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.10 (32-Bit) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "BASE 5.1" = BASE 5.1 "FunnyGames - the_last_stand_-_union_city" = FunnyGames - The Last Stand - Union City < End of report > Auf jedenfall wünsche ich allen hier einen guten Rutsch ins neue Jahr :-) Gruß Pete |
30.12.2012, 12:48 | #2 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglichIch habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld.
__________________ |
30.12.2012, 16:16 | #3 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Ok, danke für die Info
__________________ |
30.12.2012, 17:36 | #4 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Hallo Pete und Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist. Bevor wir loslegen - Hinweise zum Ablauf:
Schritt 1
Code:
ATTFilter :OTL SRV - [2012/12/30 02:23:28 | 000,214,528 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll [2012/12/30 04:03:39 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/12/30 04:01:35 | 000,002,984 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012/12/30 02:23:35 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk :files C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk :Commands [emptytemp]
Schritt 2 Versuche nun wieder in den normalen Modus von Windows zu booten. Wenn das klappt und der Sperrbildschirm weg ist, dann: Lade dir bitte OTL von Oldtimer herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
30.12.2012, 23:37 | #5 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Guten Abend, leider bleibe ich schon bei Schritt 1 hängen. In das Skript habe ich natürlich die Sternchen mit dem Original ersetzt und den Fix gestartet. Nur bleibt OTLpe gleich in der ersten Zeile hängen und reagiert nicht mehr. Es werden keine Log-Dateien erstellt. Könnte ich es nicht auch manuell durchführen? Sieht für mich aus, als müßten nur diese Dateien gelöscht werden. Gruß Pete |
31.12.2012, 10:43 | #6 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Ich seh auch, warum der Fix hängengeblieben ist, entschuldige. So sollte es besser klappen: Schritt 1
Code:
ATTFilter :OTL SRV - [2012/12/30 02:23:28 | 000,214,528 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll -- (winmgmt) [2012/12/30 04:03:39 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/12/30 04:01:35 | 000,002,984 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012/12/30 02:23:35 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk :files C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk :Commands [emptytemp]
Schritt 2 Versuche nun wieder in den normalen Modus von Windows zu booten. Wenn das klappt und der Sperrbildschirm weg ist, dann: Lade dir bitte OTL von Oldtimer herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ --> GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich |
31.12.2012, 12:14 | #7 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Moin, moin, diesmal hat der Fix geklappt. Was bedeuted das Kürzel, welches du angehängt hast? Fixlog von OTLpe Code:
ATTFilter ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully. C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js moved successfully. C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk moved successfully. ========== FILES ========== C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 3230772 bytes User: ***** ->Temp folder emptied: 2114883928 bytes ->Temporary Internet Files folder emptied: 79460189 bytes ->FireFox cache emptied: 78229340 bytes ->Flash cache emptied: 5757779 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2753610 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5298720 bytes Total Files Cleaned = 2,184.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 12312012_113022 OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.12.2012 12:03:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 83,61% Memory free 5,32 Gb Paging File | 4,82 Gb Available in Paging File | 90,51% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,60 Gb Total Space | 33,72 Gb Free Space | 72,37% Space Free | Partition Type: NTFS Drive D: | 3,03 Gb Total Space | 3,02 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive E: | 104,40 Gb Total Space | 100,57 Gb Free Space | 96,34% Space Free | Partition Type: NTFS Drive F: | 507,81 Gb Total Space | 50,81 Gb Free Space | 10,00% Space Free | Partition Type: NTFS Drive G: | 1005,85 Gb Total Space | 849,86 Gb Free Space | 84,49% Space Free | Partition Type: NTFS Drive H: | 195,32 Gb Total Space | 195,25 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive K: | 14,81 Gb Total Space | 14,81 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: T-14D6CA48631E4 | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe PRC - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.09.10 09:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2012.08.08 17:11:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.bin PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.08.29 16:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe ========== Modules (No Company Name) ========== MOD - [2012.11.01 18:57:10 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012.09.10 09:17:56 | 000,025,592 | ---- | M] () -- C:\Programme\MyTomTom 3\DeviceDetection.dll MOD - [2012.09.10 09:17:52 | 000,254,968 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2012.09.10 09:17:50 | 000,073,720 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.07.26 07:46:31 | 000,985,088 | ---- | M] () -- E:\Office\program\libxml2.dll MOD - [2012.04.16 22:11:02 | 000,398,288 | ---- | M] () -- E:\Tools\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.09 18:44:20 | 000,166,912 | ---- | M] () -- E:\Tools\WinRar\RarExt.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - [2012.12.12 11:35:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 16:33:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009.12.15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Games\RPG\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.10 23:02:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011.01.14 08:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010.12.10 06:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.10 06:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.02 12:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Media\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 21:52:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Tools\Firefox\components [2012.12.05 16:33:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Tools\Firefox\plugins [2012.12.05 16:32:58 | 000,000,000 | ---D | M] [2012.07.15 15:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions [2012.10.23 07:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\5vypdmku.default\extensions O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] E:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = E:\Office\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245F58A0-26A6-4A5D-B4D4-6C81745F00A5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.15 13:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.31 11:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.31 04:25:30 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.29 23:22:10 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dotNetFx35setup.exe [2012.12.29 23:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Star Vault [2012.12.23 13:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Downloads [2012.12.23 13:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\TomTom [2012.12.23 13:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\TomTom [2012.12.23 13:27:21 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2012.12.23 13:27:14 | 000,000,000 | ---D | C] -- C:\Programme\MyTomTom 3 [2012.12.21 01:06:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Birth of the Empires [2012.12.21 01:06:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Birth of the Empires Alpha 6.1 [2012.12.20 09:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2012.12.20 09:58:59 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\R.G. Mechanics [2012.12.15 20:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Telltale Games [2012.12.15 20:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Bioshock [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012.12.10 22:09:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SecuROM [2012.12.10 21:31:52 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012.12.09 01:49:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Application Data [2012.12.03 21:05:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.12.03 21:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.12.03 21:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2012.12.03 20:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2012.12.03 20:59:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Google [2012.12.03 20:59:11 | 000,000,000 | ---D | C] -- C:\Programme\Google ========== Files - Modified Within 30 Days ========== [2012.12.31 11:52:29 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.31 11:52:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.30 13:00:05 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.30 07:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.12.29 23:22:10 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.12.23 13:28:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.21 19:48:20 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.10 21:31:52 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012.12.10 00:31:15 | 000,070,656 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.03 21:05:28 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.12.30 13:00:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.29 23:22:10 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.11.24 14:08:07 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT [2012.08.03 21:54:43 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.08.03 21:42:31 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012.08.03 21:42:31 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012.07.22 10:03:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2012.07.22 10:03:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2012.07.16 10:08:00 | 000,070,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.15 17:57:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.07.15 14:57:37 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012.07.15 14:46:26 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2012.07.15 14:46:24 | 000,031,155 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2012.07.15 14:46:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2012.07.15 13:15:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.07.15 13:14:38 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.07.15 13:12:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.07.15 13:11:54 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.07.15 13:04:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.15 13:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.07.18 18:48:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.28 07:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2012.09.18 21:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2012.11.24 14:10:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2012.11.24 14:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012.10.10 23:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.07.25 09:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MetaQuotes [2012.10.10 23:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RELOADED [2012.07.28 07:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Ashampoo [2012.12.17 21:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012.12.01 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\BitTorrent [2012.08.29 22:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Black Sea Studios [2012.11.24 14:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon [2012.10.10 23:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DAEMON Tools Lite [2012.11.07 18:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FunnyGames [2012.09.02 19:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ImgBurn [2012.07.25 09:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MetaQuotes [2012.07.26 09:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\OpenOffice.org [2012.10.30 18:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Taunton [2012.12.15 20:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012.09.10 16:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Utherverse ========== Purity Check ========== < End of report > [/CODE] |
31.12.2012, 17:48 | #8 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Dieses Kürzel ist der Dienstname. Gibts im Moment noch Probleme mit dem Rechner? Schritt 1
Schritt 2 ESET Online Scanner
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
01.01.2013, 10:02 | #9 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Moin moin, der Rechner läuft wieder soweit. Allerdings hat mich etwas stutzig gemacht. Ich wollte die Firewall aussschalten um den Scan mit ESET durch zu führen, da gibt mir das System bekannt, dass der zugehörige Dienst der Firewall nicht ausgeführt wird. Der Dienst kann auch nicht gestartet werden. Mein Rechner fährt also schon seit längeren ohne Firewall, ohne dass ich es gemerkt habe MBAM Log Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.31.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Sönke :: T-14D6CA48631E4 [Administrator] 31.12.2012 18:16:27 mbam-log-2012-12-31 (18-16-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 242820 Laufzeit: 2 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET Log Code:
ATTFilter C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11\240c6f0b-500eb5b9 a variant of Java/Exploit.CVE-2012-5076.Q trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11\2d814f8b-564a3ca3 Java/Exploit.CVE-2012-5076.A trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19\7c89d313-3d4fcf8c Java/Exploit.CVE-2012-4681.AC trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\656ce259-1a785aeb multiple threats C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26\2d87829a-11aec6a2 Java/Exploit.CVE-2012-1723.BR trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\6f66c31d-56a2647e multiple threats C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30\1ede2ede-341dee94 a variant of Win32/Kryptik.ARKD trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34\6c4218a2-2fef7f26 Java/Exploit.CVE-2012-5076.J trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\2489b2ac-65eb5d16 a variant of Java/Exploit.CVE-2012-5076.A trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\33af0eac-2bebd00b Java/Exploit.Agent.AC trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\294d5d2e-23cd5e2d Java/Exploit.CVE-2012-5076.B trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\1d86af2-53783589 a variant of Java/Exploit.CVE-2012-4681.CD trojan C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7\4f2e6607-2f0aaaf8 multiple threats C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9\27e0e089-4ff8c9f6 Java/Agent.FH trojan C:\_OTL\MovedFiles\12312012_113022\C_Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk Win32/Reveton.M trojan C:\_OTL\MovedFiles\12312012_113022\C_Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll a variant of Win32/Kryptik.ARKD trojan C:\_OTL\MovedFiles\12312012_113022\C_Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk Win32/Reveton.M trojan F:\docs\Drawing\Vilppu.Studio-NECK.Anatomy\Vilppu.Studio-NECK.Anatomy.part01.rar Win32/Adware.Gator.Trickler.F application F:\docs\Drawing\Vilppu.Studio-UPPER.TORSO.Anatomy\Vilppu.Studio-UPPER.TORSO.Anatomy.part1.rar Win32/Adware.Gator.Trickler.F application F:\docs\market\Books - rapid\Stock books 056\Forex\Forex_BrainTrading_system\Braintrading.exe probably a variant of Win32/Agent.NPORNUL trojan F:\docs\market\stock market books\stock_market_books.rar probably a variant of Win32/Agent.NPORNUL trojan F:\docs\The Best Of Fine Woodworking_The Taunton Press 2002\The Best Of Fine Woodworking_The Taunton Press 2002\start.pdf PDF/Exploit.Gen trojan F:\docs\The Best Of Fine Woodworking_The Taunton Press 2002\The Best Of Fine Woodworking_The Taunton Press 2002\The Best Of Fine Woodworking_The Taunton Press 2002 PDF/Exploit.Gen trojan F:\Installs\vlc-2.0.0-win32.exe Win32/StartPage.OPH trojan Gruß Pete |
02.01.2013, 12:23 | #10 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Hi Pete, wir versuchen zuerst, die Sache mit der Firewall zu reparieren. Schritt 1 Downloade dir bitte ESET services repair von hier und speichere es auf den Desktop.
Schritt 2 Downloade dir bitte Farbar's Service Scanner und speichere es auf den Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
02.01.2013, 21:00 | #11 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Guten Abend, beide Schritte durch geführt. Trotz Neujahrsschwächeln geschafft Code:
ATTFilter Farbar Service Scanner Version: 23-12-2012 Ran by Sönke (administrator) on 02-01-2013 at 20:54:47 Running from "C:\Dokumente und Einstellungen\Sönke\Desktop" Microsoft Windows XP Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is OK. The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. winmgmt Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. winmgmt Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist. Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll [2008-04-14 13:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07 C:\WINDOWS\system32\ipnathlp.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF C:\WINDOWS\system32\netman.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C C:\WINDOWS\system32\wbem\WMIsvc.dll [2012-07-15 12:59] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\srsvc.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182 C:\WINDOWS\system32\Drivers\sr.sys [2012-07-15 13:01] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F C:\WINDOWS\system32\wscsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D C:\WINDOWS\system32\wbem\WMIsvc.dll [2012-07-15 12:59] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\wuauserv.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085 C:\WINDOWS\system32\qmgr.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1 C:\WINDOWS\system32\es.dll [2008-04-14 13:00] - [2008-07-07 21:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74 C:\WINDOWS\system32\cryptsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D C:\WINDOWS\system32\svchost.exe [2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366 C:\WINDOWS\system32\rpcss.dll [2008-04-14 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B C:\WINDOWS\system32\services.exe [2008-04-14 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0700000004000000010000000200000003000000050000000600000007000000 IpSec Tag value is correct. **** End of log **** |
03.01.2013, 00:20 | #12 | ||
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Hi Pete, das war jetzt leider nicht übermässig erfolgreich. Wir versuchen's nochmals auf eine andere Art und kümmern uns dabei auch noch um die Funde von ESET. Hinweise: Zitat:
Zitat:
Schritt 1
Code:
ATTFilter :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "DisplayName"="Windows-Verwaltungsinstrumentation" "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 "DependOnGroup"=hex(7):00,00 "ObjectName"="LocalSystem" "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,03,00,03,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00 "Description"="Bietet eine standardm„áige Schnittstelle und Objektmodell zum Zugreifen auf Verwaltungsinformationen ber das Betriebssystem, Ger„te, Anwendungen und Dienste. Die meiste Windows-basierte Software kann nicht ordnungsgem„á ausgefhrt werden, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, k”nnen die Dienste, die von diesem Dienst ausschlieálich abh„ngig sind, nicht mehr gestartet werden." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\ 00,6c,00,6c,00,00,00 "ServiceMain"="ServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Enum] "0"="Root\\LEGACY_WINMGMT\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT] "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000] "Service"="winmgmt" "Legacy"=dword:00000001 "ConfigFlags"=dword:00000000 "Class"="LegacyDriver" "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}" "DeviceDesc"="Windows Management Instrumentation" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\Control] "ActiveService"="winmgmt" :files F:\docs\market\Books - rapid\Stock books 056\Forex\Forex_BrainTrading_system\Braintrading.exe F:\docs\The Best Of Fine Woodworking_The Taunton Press 2002\The Best Of Fine Woodworking_The Taunton Press 2002\start.pdf F:\Installs\vlc-2.0.0-win32.exe :Commands [emptytemp]
Schritt 2
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
03.01.2013, 09:39 | #13 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Moin moin, hier die zwei logs: OTL Code:
ATTFilter All processes killed ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"Type"|dword:00000020 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"Start"|dword:00000002 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"ErrorControl"|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"DisplayName"|"Windows-Verwaltungsinstrumentation" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"DependOnService"|hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"DependOnGroup"|hex(7):00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"ObjectName"|"LocalSystem" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,03,00,03,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\\"Description"|"Bietet eine standardm„áige Schnittstelle und Objektmodell zum Zugreifen auf Verwaltungsinformationen ber das Betriebssystem, Ger„te, Anwendungen und Dienste. Die meiste Windows-basierte Software kann nicht ordnungsgem„á ausgefhrt werden, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, k”nnen die Dienste, die von diesem Dienst ausschlieálich abh„ngig sind, nicht mehr gestartet werden." /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters\\"ServiceMain"|"ServiceMain" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Security\\"Security"|hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Enum\\"0"|"Root\\LEGACY_WINMGMT\\0000" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Enum\\"Count"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Enum\\"NextInstance"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\\"NextInstance"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"Service"|"winmgmt" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"Legacy"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"ConfigFlags"|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"Class"|"LegacyDriver" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"ClassGUID"|"{8ECC055D-047F-11D1-A537-0000F8753ED1}" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\\"DeviceDesc"|"Windows Management Instrumentation" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINMGMT\0000\Control\\"ActiveService"|"winmgmt" /E : value set successfully! ========== FILES ========== File move failed. F:\docs\market\Books - rapid\Stock books 056\Forex\Forex_BrainTrading_system\Braintrading.exe scheduled to be moved on reboot. File\Folder F:\docs\The Best Of Fine Woodworking_The Taunton Press 2002\The Best Of Fine Woodworking_The Taunton Press 2002\start.pdf not found. F:\Installs\vlc-2.0.0-win32.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Sönke ->Temp folder emptied: 3826928 bytes ->Temporary Internet Files folder emptied: 2346170 bytes ->FireFox cache emptied: 4767494 bytes ->Flash cache emptied: 1049 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 34780 bytes RecycleBin emptied: 4087669368 bytes Total Files Cleaned = 3.909,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01032013_085137 Files\Folders moved on Reboot... File\Folder F:\docs\market\Books - rapid\Stock books 056\Forex\Forex_BrainTrading_system\Braintrading.exe not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Log von FSS Code:
ATTFilter Farbar Service Scanner Version: 23-12-2012 Ran by Sönke (administrator) on 03-01-2013 at 08:57:53 Running from "C:\Dokumente und Einstellungen\Sönke\Desktop" Microsoft Windows XP Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll [2008-04-14 13:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07 C:\WINDOWS\system32\ipnathlp.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF C:\WINDOWS\system32\netman.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C C:\WINDOWS\system32\wbem\WMIsvc.dll [2012-07-15 12:59] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\srsvc.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182 C:\WINDOWS\system32\Drivers\sr.sys [2012-07-15 13:01] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F C:\WINDOWS\system32\wscsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D C:\WINDOWS\system32\wbem\WMIsvc.dll [2012-07-15 12:59] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\wuauserv.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085 C:\WINDOWS\system32\qmgr.dll [2012-07-15 13:01] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1 C:\WINDOWS\system32\es.dll [2008-04-14 13:00] - [2008-07-07 21:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74 C:\WINDOWS\system32\cryptsvc.dll [2008-04-14 13:00] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D C:\WINDOWS\system32\svchost.exe [2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366 C:\WINDOWS\system32\rpcss.dll [2008-04-14 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B C:\WINDOWS\system32\services.exe [2008-04-14 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0700000004000000010000000200000003000000050000000600000007000000 IpSec Tag value is correct. **** End of log **** |
03.01.2013, 12:58 | #14 |
/// TB-Ausbilder | GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Hi, das sieht jetzt besser aus. Läuft die Firewall nun wieder? Gibts sonst noch Probleme? Wir müssen noch veraltete Softwareversionen updaten. Schritt 1 Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall BitTorrent. Diese Programme erlauben es dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund, warum sich Malware so schnell verbreitet. Du kannst niemals wissen, woher die heruntergeladenen Dateien stammen und was wirklich drin ist. Auch eine Überprüfung durch ein Antivirenprogramm ist nur bedingt aussagekräftig. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstösst. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service, wie zum Beispiel zum Downloaden von Linux Distributionen oder Open Office. Denoch würde ich dir empfehlen, diese Art von Software nicht weiterhin zu verwenden und sie über Start --> Systemsteuerung --> Softwarezu deinstallieren. Bitte gib Bescheid, wenn du eines der gelisteten Programme nicht finden kannst. Schritt 2 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.
Schritt 3 Deinstalliere bitte deine aktuelle Version von Adobe Reader über Start --> Systemsteuerung --> Software --> Adobe Readerund lade dir die neue Version von hier herunter. Entferne bei der Installation den Haken für den McAfee SecurityScan bzw. Google Chrome. Schritt 4 Starte bitte OTL.exe. Unter Extra Registrierung wähle bitte: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
03.01.2013, 20:56 | #15 |
| GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Guten Abend, Firewall ist aktiv. bittorrent deinstalliert. Java 7 Update 10 installiert, altes Java deinstalliert, temporäre Dateien gelöscht. Adobe Reader deinstalliert, neuer Adobe Reader installiert. Plugin Check für alle up to date. OTL - Log Code:
ATTFilter OTL logfile created on: 03.01.2013 20:39:17 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,11% Memory free 5,32 Gb Paging File | 4,69 Gb Available in Paging File | 88,08% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,60 Gb Total Space | 34,07 Gb Free Space | 73,11% Space Free | Partition Type: NTFS Drive D: | 3,03 Gb Total Space | 3,02 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive E: | 104,40 Gb Total Space | 100,61 Gb Free Space | 96,38% Space Free | Partition Type: NTFS Drive F: | 507,81 Gb Total Space | 45,57 Gb Free Space | 8,97% Space Free | Partition Type: NTFS Drive G: | 1005,85 Gb Total Space | 849,87 Gb Free Space | 84,49% Space Free | Partition Type: NTFS Drive H: | 195,32 Gb Total Space | 195,25 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive I: | 2,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: T-14D6CA48631E4 | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe PRC - [2012.12.05 16:33:12 | 000,916,960 | ---- | M] (Mozilla Corporation) -- E:\Tools\Firefox\firefox.exe PRC - [2012.11.28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012.09.10 09:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2012.08.08 17:11:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.bin PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.08.29 16:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 16:33:11 | 002,397,152 | ---- | M] () -- E:\Tools\Firefox\mozjs.dll MOD - [2012.11.01 18:57:10 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012.09.10 09:17:56 | 000,025,592 | ---- | M] () -- C:\Programme\MyTomTom 3\DeviceDetection.dll MOD - [2012.09.10 09:17:52 | 000,254,968 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2012.09.10 09:17:50 | 000,073,720 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2012.07.26 07:46:31 | 000,985,088 | ---- | M] () -- E:\Office\program\libxml2.dll MOD - [2012.04.16 22:11:02 | 000,398,288 | ---- | M] () -- E:\Tools\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - [2012.12.12 11:35:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 16:33:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009.12.15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Games\RPG\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.10 23:02:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011.01.14 08:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010.12.10 06:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.10 06:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.02 12:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 21:52:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Tools\Firefox\components [2012.12.05 16:33:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Tools\Firefox\plugins [2013.01.03 20:26:21 | 000,000,000 | ---D | M] [2012.07.15 15:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions [2012.10.23 07:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\5vypdmku.default\extensions O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] E:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = E:\Office\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245F58A0-26A6-4A5D-B4D4-6C81745F00A5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.15 13:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.01.08 08:08:11 | 000,000,000 | R--D | M] - I:\Autorun -- [ UDF ] O32 - AutoRun File - [2007.09.17 19:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - I:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2007.09.20 03:18:35 | 000,006,276 | R--- | M] () - I:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 20:26:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2013.01.03 20:26:10 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2013.01.03 19:50:23 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.01.03 19:50:23 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.01.03 19:50:23 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.01.03 19:49:51 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.01.02 20:49:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\CC Support [2013.01.02 18:03:43 | 000,697,911 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\*****\Desktop\FSS.exe [2012.12.31 18:26:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.12.31 11:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.31 04:25:30 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.29 23:26:29 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2012.12.29 23:23:17 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2012.12.29 23:23:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2012.12.29 23:23:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2012.12.29 23:23:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2012.12.29 23:23:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2012.12.29 23:23:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2012.12.29 23:23:15 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2012.12.29 23:23:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2012.12.29 23:23:14 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2012.12.29 23:23:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2012.12.29 23:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2012.12.29 23:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2012.12.29 23:23:11 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2012.12.29 23:23:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2012.12.29 23:23:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2012.12.29 23:23:10 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2012.12.29 23:23:10 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2012.12.29 23:23:10 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2012.12.29 23:23:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2012.12.29 23:23:09 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2012.12.29 23:23:09 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2012.12.29 23:23:09 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2012.12.29 23:23:09 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2012.12.29 23:23:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2012.12.29 23:23:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2012.12.29 23:23:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2012.12.29 23:23:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2012.12.29 23:23:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2012.12.29 23:23:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2012.12.29 23:23:06 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2012.12.29 23:23:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2012.12.29 23:23:06 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2012.12.29 23:23:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2012.12.29 23:23:05 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2012.12.29 23:23:05 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2012.12.29 23:23:05 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2012.12.29 23:23:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2012.12.29 23:23:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2012.12.29 23:23:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2012.12.29 23:23:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2012.12.29 23:23:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2012.12.29 23:23:03 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2012.12.29 23:22:10 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dotNetFx35setup.exe [2012.12.29 23:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Star Vault [2012.12.23 13:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Downloads [2012.12.23 13:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\TomTom [2012.12.23 13:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\TomTom [2012.12.23 13:27:21 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2012.12.23 13:27:14 | 000,000,000 | ---D | C] -- C:\Programme\MyTomTom 3 [2012.12.21 01:06:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Birth of the Empires [2012.12.21 01:06:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Birth of the Empires Alpha 6.1 [2012.12.20 09:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2012.12.20 09:58:59 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\R.G. Mechanics [2012.12.15 20:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Telltale Games [2012.12.15 20:35:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2012.12.15 20:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Bioshock [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012.12.10 22:09:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SecuROM [2012.12.10 21:31:52 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012.12.09 01:49:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Application Data ========== Files - Modified Within 30 Days ========== [2013.01.03 20:35:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.03 20:26:21 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.01.03 20:19:59 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.03 20:19:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.03 19:49:51 | 000,492,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.03 19:49:51 | 000,472,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.03 19:49:51 | 000,090,676 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.03 19:49:51 | 000,075,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.02 21:56:31 | 000,070,656 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.02 18:04:53 | 004,009,167 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\ServicesRepair.exe [2013.01.02 18:03:44 | 000,697,911 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\*****\Desktop\FSS.exe [2012.12.31 18:15:35 | 000,000,615 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.30 13:00:05 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.29 23:22:10 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.12.23 13:28:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.21 19:48:20 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.12.12 11:35:06 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.12.12 11:35:06 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.12.10 21:31:52 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll ========== Files Created - No Company Name ========== [2013.01.03 20:26:21 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.01.03 20:26:21 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.01.02 18:03:33 | 004,009,167 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\ServicesRepair.exe [2012.12.31 18:15:35 | 000,000,615 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 13:00:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.29 23:22:10 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.11.24 14:08:07 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT [2012.08.03 21:54:43 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.08.03 21:42:31 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012.08.03 21:42:31 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012.07.22 10:03:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2012.07.22 10:03:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2012.07.16 10:08:00 | 000,070,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.15 17:57:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.07.15 14:57:37 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012.07.15 14:46:26 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2012.07.15 14:46:24 | 000,031,155 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2012.07.15 14:46:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2012.07.15 13:15:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.07.15 13:14:38 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.07.15 13:12:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.07.15 13:11:54 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.07.15 13:04:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.15 13:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.07.18 18:48:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extra log Code:
ATTFilter OTL Extras logfile created on: 03.01.2013 20:39:17 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,11% Memory free 5,32 Gb Paging File | 4,69 Gb Available in Paging File | 88,08% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,60 Gb Total Space | 34,07 Gb Free Space | 73,11% Space Free | Partition Type: NTFS Drive D: | 3,03 Gb Total Space | 3,02 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive E: | 104,40 Gb Total Space | 100,61 Gb Free Space | 96,38% Space Free | Partition Type: NTFS Drive F: | 507,81 Gb Total Space | 45,57 Gb Free Space | 8,97% Space Free | Partition Type: NTFS Drive G: | 1005,85 Gb Total Space | 849,87 Gb Free Space | 84,49% Space Free | Partition Type: NTFS Drive H: | 195,32 Gb Total Space | 195,25 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive I: | 2,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: T-14D6CA48631E4 | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Tools\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [open] -- explorer.exe "%1" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe" = G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare) "G:\Games\RPG\Dragon Age\DAOriginsLauncher.exe" = G:\Games\RPG\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins-Launcher -- (BioWare) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "E:\Market\MetaTrader5\metatester.exe" = E:\Market\MetaTrader5\metatester.exe:*:Enabled:MetaTrader 5 Strategy Tester Agent -- (MetaQuotes Software Corp.) "G:\Games\Simulation\Utherverse VWW Client\Utherverse.exe" = G:\Games\Simulation\Utherverse VWW Client\Utherverse.exe:*:Enabled:Utherverse "E:\Media\Winamp\winamp.exe" = E:\Media\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe" = G:\Games\RPG\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare) "C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\7zS0264\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\7zS0264\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "G:\Games\Strategie\Birth of the Empires Alpha 6.1\BotE.exe" = G:\Games\Strategie\Birth of the Empires Alpha 6.1\BotE.exe:*:Enabled:Birth of the Empires -- (Sir Pustekuchen) "G:\Games\RPG\Mortal Online\Mortal Online Launcher.exe" = G:\Games\RPG\Mortal Online\Mortal Online Launcher.exe:*:Enabled:Mortal Online Launcher -- (Star Vault) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0A753859-207A-436C-BB49-B0A4FA72F91E}_is1" = Birth of the Empires 0.81 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{4F75616F-49C7-4EA2-8725-7E1A7AB1949C}" = Nero InfoTool 11 Help (CHM) "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}" = Nero 11 InfoTool "{69764F1C-55E1-4219-BDC5-299CD95FF004}_is1" = Mortal Online "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A90E924E-1B35-44B0-978E-3F6F89FBC960}" = Nero InfoTool 11 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7311566-7EA9-4213-A7F8-E0C237EFAD16}" = UFO Extraterrestrials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "HP PrecisionScan LTX" = HP PrecisionScan LTX "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MetaTrader 5" = MetaTrader 5 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MyTomTom" = MyTomTom 3.2.0.802 "Recuva" = Recuva "The Walking Dead_R.G. Mechanics_is1" = The Walking Dead "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.10 (32-Bit) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "BASE 5.1" = BASE 5.1 "FunnyGames - the_last_stand_-_union_city" = FunnyGames - The Last Stand - Union City ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.11.2012 09:15:21 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 29.11.2012 19:41:36 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 30.11.2012 06:51:07 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 30.11.2012 20:46:02 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 01.12.2012 11:36:19 | Computer Name = T-14D6CA48631E4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung civ4beyondsword.exe, Version 3.1.9.0, fehlgeschlagenes Modul d3d9.dll, Version 5.3.2600.5512, Fehleradresse 0x00087676. Error - 01.12.2012 15:58:03 | Computer Name = T-14D6CA48631E4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung civ4beyondsword.exe, Version 3.1.9.0, fehlgeschlagenes Modul d3d9.dll, Version 5.3.2600.5512, Fehleradresse 0x00087676. Error - 01.12.2012 22:00:29 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 02.12.2012 22:00:34 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 02.12.2012 23:26:08 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 11316 Description = Product: Skype™ 5.10 -- Error 1316. A network error occurred while attempting to read from the file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeSetup_5.8.0.156.msi Error - 29.12.2012 18:22:19 | Computer Name = T-14D6CA48631E4 | Source = MsiInstaller | ID = 1013 Description = Produkt: NVIDIA PhysX -- Installation terminated [ System Events ] Error - 30.12.2012 04:58:22 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 30.12.2012 05:03:38 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 31.12.2012 06:45:48 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 31.12.2012 06:45:51 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 31.12.2012 06:46:43 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 31.12.2012 06:50:40 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 31.12.2012 06:50:47 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 31.12.2012 06:51:00 | Computer Name = T-14D6CA48631E4 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 03.01.2013 10:53:41 | Computer Name = T-14D6CA48631E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene. Error - 03.01.2013 10:53:41 | Computer Name = T-14D6CA48631E4 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > [/QUOTE] also ein Problem habe ich noch. Ich suche ein genügend großes Paddel um damit den Hintern meines Sohnes zu versohlen. Vielleicht nicht ganz die moderne Erziehungsmethode, aber so langsam ist mir danach |
Themen zu GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich |
7-zip, adobe, antivir, avira, bho, black, boot-cd, browser, desktop, einstellungen, error, firefox, flash player, format, helper, logfile, mozilla, nvidia update, plug-in, realtek, registry, runctf.lnk, rundll, scan, security, software, temp, trojaner, usb, visual studio, windows, windows internet, windows xp, zugänglich |