| |
| |||||||
Log-Analyse und Auswertung: Ist mein PC noch verseucht oder bin ich clean?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.05.2013, 20:08
| #1 |
| |  Ist mein PC noch verseucht oder bin ich clean? Hallo Team, ich hab unseren alten XP-Rechner rausgekramt und hab den angeschmissen. Jetzt will ich den PC auf Vordermann bringen.  OTL: Code:
ATTFilter OTL logfile created on: 16.05.2013 16:53:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 58,21% Memory free 1,48 Gb Paging File | 1,16 Gb Available in Paging File | 78,09% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme Drive C: | 55,89 Gb Total Space | 26,77 Gb Free Space | 47,90% Space Free | Partition Type: NTFS Drive D: | 46,87 Gb Total Space | 30,33 Gb Free Space | 64,71% Space Free | Partition Type: NTFS Drive E: | 9,02 Gb Total Space | 9,00 Gb Free Space | 99,79% Space Free | Partition Type: FAT32 Computer Name: DIDI | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Sebastian\desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (AIDA32Driver) -- C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\Rar$EXa0.577\aida32.sys File not found DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/ IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/ IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/ IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\URLSearchHook: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=B6C3E46B-3098-412A-8DC0-A3ADC66AB0AA IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.15 18:39:52 | 000,000,000 | ---D | M] [2013.05.15 18:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions [2013.05.16 00:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\6j61qf8x.default\extensions [2013.05.16 00:18:58 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\6j61qf8x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.15 18:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.15 18:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.15 18:31:05 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.05.15 17:21:17 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\ShellBrowser: (no name) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Save YouTube Video - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_06\bin\npjpi141_06.dll File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368655644421 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_06-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4140E8F9-F1AA-4478-9293-C4FCA17769AF}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.16 16:52:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe [2013.05.16 16:33:45 | 000,000,000 | ---D | C] -- C:\windows\LastGood [2013.05.16 16:30:06 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sebastian\IETldCache [2013.05.16 12:56:01 | 000,000,000 | ---D | C] -- C:\windows\ie8updates [2013.05.16 12:55:01 | 000,000,000 | ---D | C] -- C:\windows\WBEM [2013.05.16 12:52:09 | 000,000,000 | -H-D | C] -- C:\windows\ie8 [2013.05.16 12:41:08 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsdbgui.dll [2013.05.16 12:39:20 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll [2013.05.16 12:39:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll [2013.05.16 12:39:17 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll [2013.05.16 12:39:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll [2013.05.16 12:39:15 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll [2013.05.16 12:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Skype [2013.05.16 12:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2013.05.16 12:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2013.05.16 12:34:41 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2013.05.16 12:22:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2013.05.16 12:22:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2013.05.16 12:22:37 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.05.16 12:22:37 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.05.16 12:22:37 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.16 12:22:37 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl [2013.05.16 12:22:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.16 12:22:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.05.16 12:22:23 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.16 12:21:37 | 000,000,000 | ---D | C] -- C:\Programme\Java [2013.05.16 12:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Sun [2013.05.16 12:14:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 [2013.05.16 12:14:02 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer [2013.05.16 12:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\vlc [2013.05.16 12:11:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2013.05.16 12:09:12 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2013.05.16 00:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.05.16 00:15:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\mbar [2013.05.16 00:10:03 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mucltui.dll.mui [2013.05.16 00:07:50 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll.mui [2013.05.16 00:07:49 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui [2013.05.15 19:35:47 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvudisp.exe [2013.05.15 19:35:25 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\NVUNINST.EXE [2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\WinRAR [2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\WinRAR [2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR [2013.05.15 19:23:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2013.05.15 19:06:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\TFC.exe [2013.05.15 18:34:52 | 000,000,000 | ---D | C] -- C:\windows\tmp [2013.05.15 18:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla [2013.05.15 18:31:02 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.05.15 17:49:10 | 000,000,000 | ---D | C] -- C:\windows\Prefetch [2013.05.15 17:42:25 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll [2013.05.15 17:42:24 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll [2013.05.15 17:42:22 | 000,000,000 | ---D | C] -- C:\Programme\Messenger [2013.05.15 17:42:21 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpdxm.dll [2013.05.15 17:42:21 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpns.dll [2013.05.15 17:42:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpasf.dll [2013.05.15 17:42:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpband.dll [2013.05.15 17:42:20 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.dll [2013.05.15 17:42:20 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpvis.dll [2013.05.15 17:42:20 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msaud32.acm [2013.05.15 17:42:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmerror.dll [2013.05.15 17:42:20 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\windows\System32\dllcache\sl_anet.acm [2013.05.15 17:42:19 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\migrate.exe [2013.05.15 17:42:19 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp4sdmod.dll [2013.05.15 17:42:19 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp43dmod.dll [2013.05.15 17:42:19 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\dllcache\l3codeca.acm [2013.05.15 17:42:16 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpcdll.dll [2013.05.15 17:42:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2013.05.15 17:42:12 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll [2013.05.15 17:42:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll [2013.05.15 17:42:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll [2013.05.15 17:42:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll [2013.05.15 17:42:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll [2013.05.15 17:42:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll [2013.05.15 17:42:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll [2013.05.15 17:42:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll [2013.05.15 17:42:11 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll [2013.05.15 17:42:11 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll [2013.05.15 17:42:11 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll [2013.05.15 17:42:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll [2013.05.15 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll [2013.05.15 17:42:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll [2013.05.15 17:42:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll [2013.05.15 17:42:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll [2013.05.15 17:42:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe [2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll [2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll [2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll [2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll [2013.05.15 17:42:09 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll [2013.05.15 17:42:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe [2013.05.15 17:42:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll [2013.05.15 17:42:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll [2013.05.15 17:42:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll [2013.05.15 17:42:08 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll [2013.05.15 17:42:08 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll [2013.05.15 17:42:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll [2013.05.15 17:42:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll [2013.05.15 17:42:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe [2013.05.15 17:42:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2013.05.15 17:42:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll [2013.05.15 17:42:06 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll [2013.05.15 17:42:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll [2013.05.15 17:42:05 | 000,000,000 | ---D | C] -- C:\windows\System32\de-de [2013.05.15 17:42:03 | 000,000,000 | ---D | C] -- C:\Programme\msn [2013.05.15 17:42:02 | 000,000,000 | ---D | C] -- C:\windows\l2schemas [2013.05.15 17:42:02 | 000,000,000 | ---D | C] -- C:\windows\System32\de [2013.05.15 17:39:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\custsat.dll [2013.05.15 17:39:01 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dlimport.exe [2013.05.15 17:39:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\asferror.dll [2013.05.15 17:38:58 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4ds32.ax [2013.05.15 17:38:58 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4dmod.dll [2013.05.15 17:38:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadds32.ax [2013.05.15 17:38:58 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplay32.exe [2013.05.15 17:38:58 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplayer2.exe [2013.05.15 17:38:57 | 000,847,898 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msdxm.ocx [2013.05.15 17:38:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npdrmv2.dll [2013.05.15 17:38:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msscds32.ax [2013.05.15 17:38:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npwmsdrm.dll [2013.05.15 17:38:57 | 000,004,126 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msdxmlc.dll [2013.05.15 17:38:56 | 002,973,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmploc.dll [2013.05.15 17:38:56 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmstream.dll [2013.05.15 17:38:56 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\unregmp2.exe [2013.05.15 17:38:56 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\shmedia.dll [2013.05.15 17:38:56 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmsdmoe.dll [2013.05.15 17:38:56 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpshell.dll [2013.05.15 17:38:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmplayer.exe [2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpui.dll [2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcore.dll [2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcd.dll [2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.ocx [2013.05.15 17:38:55 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmv8ds32.ax [2013.05.15 17:38:55 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmvds32.ax [2013.05.15 17:36:42 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic [2013.05.15 17:30:05 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$ ========== Files - Modified Within 30 Days ========== [2013.05.16 16:52:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe [2013.05.16 16:27:14 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2013.05.16 16:27:12 | 001,766,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.16 12:57:53 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK [2013.05.16 12:35:27 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat [2013.05.16 12:34:43 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.05.16 12:22:02 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.16 12:21:56 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.16 12:21:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.16 12:21:55 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.05.16 12:21:55 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.05.16 12:21:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.05.16 12:21:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl [2013.05.16 12:16:25 | 000,000,173 | ---- | M] () -- C:\windows\RtlRack.ini [2013.05.16 12:11:51 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2013.05.16 01:09:40 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.15 19:48:47 | 000,000,000 | ---- | M] () -- C:\boot.ini [2013.05.15 19:06:33 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\TFC.exe [2013.05.15 18:31:07 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.05.15 18:15:51 | 000,000,261 | ---- | M] () -- C:\prefs.js [2013.05.15 17:56:22 | 000,463,150 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.05.15 17:56:22 | 000,442,880 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.05.15 17:56:22 | 000,087,386 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.05.15 17:56:22 | 000,072,574 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.05.15 17:51:39 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx [2013.05.15 17:49:51 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl [2013.05.15 17:36:14 | 000,251,712 | RHS- | M] () -- C:\ntldr [2013.05.15 16:51:53 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\adwcleaner_2.3.0.0.exe [2013.04.17 00:16:49 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll [2013.04.17 00:16:49 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll [2013.04.17 00:16:49 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll [2013.04.17 00:16:49 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\vgx.dll [2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll [2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll [2013.04.17 00:16:49 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsdbgui.dll [2013.04.17 00:16:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\occache.dll [2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\url.dll [2013.04.17 00:16:49 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtmled.dll [2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll [2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\licmgr10.dll [2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsproxy.dll [2013.04.17 00:16:48 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll [2013.04.17 00:16:48 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll [2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcpl.cpl [2013.04.17 00:16:48 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll [2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedkcs32.dll [2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iepeers.dll ========== Files Created - No Company Name ========== [2013.05.16 12:34:43 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.05.16 12:11:51 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2013.05.15 19:48:47 | 000,000,000 | ---- | C] () -- C:\boot.ini [2013.05.15 19:35:47 | 000,089,258 | ---- | C] () -- C:\windows\System32\nvapps.xml [2013.05.15 19:35:47 | 000,017,056 | ---- | C] () -- C:\windows\System32\nvdisp.nvu [2013.05.15 18:31:07 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.05.15 18:31:06 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.05.15 18:15:51 | 000,000,261 | ---- | C] () -- C:\prefs.js [2013.05.15 18:10:49 | 003,932,214 | ---- | C] () -- C:\windows\FrameShow Wallpaper.BMP [2013.05.15 17:42:21 | 000,660,224 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.chm [2013.05.15 17:42:21 | 000,354,468 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud1.wav [2013.05.15 17:42:21 | 000,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud7.wav [2013.05.15 17:42:21 | 000,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud6.wav [2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud9.wav [2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud8.wav [2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud3.wav [2013.05.15 17:42:21 | 000,086,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud5.wav [2013.05.15 17:42:21 | 000,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud4.wav [2013.05.15 17:42:21 | 000,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud2.wav [2013.05.15 17:42:21 | 000,076,456 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.adm [2013.05.15 17:42:21 | 000,058,216 | ---- | C] () -- C:\windows\System32\dllcache\wmp.inf [2013.05.15 17:42:21 | 000,026,141 | ---- | C] () -- C:\windows\System32\dllcache\wmplay.chm [2013.05.15 17:42:21 | 000,010,457 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.hta [2013.05.15 17:42:21 | 000,001,771 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.css [2013.05.15 17:42:21 | 000,001,730 | ---- | C] () -- C:\windows\System32\dllcache\wmpocm.inf [2013.05.15 17:42:21 | 000,000,420 | ---- | C] () -- C:\windows\System32\dllcache\wmploc.js [2013.05.15 17:42:20 | 000,572,557 | ---- | C] () -- C:\windows\System32\dllcache\rtuner.wmv [2013.05.15 17:42:20 | 000,375,519 | ---- | C] () -- C:\windows\System32\dllcache\nuskin.wmv [2013.05.15 17:42:20 | 000,300,969 | ---- | C] () -- C:\windows\System32\dllcache\viz.wmv [2013.05.15 17:42:20 | 000,084,531 | ---- | C] () -- C:\windows\System32\dllcache\plyr_err.chm [2013.05.15 17:42:20 | 000,066,132 | ---- | C] () -- C:\windows\System32\dllcache\revert.wmz [2013.05.15 17:42:20 | 000,036,610 | ---- | C] () -- C:\windows\System32\dllcache\mplayer2.inf [2013.05.15 17:42:20 | 000,034,554 | ---- | C] () -- C:\windows\System32\dllcache\wmdm.inf [2013.05.15 17:42:20 | 000,023,829 | ---- | C] () -- C:\windows\System32\dllcache\tourbg.gif [2013.05.15 17:42:20 | 000,022,060 | ---- | C] () -- C:\windows\System32\dllcache\npds.zip [2013.05.15 17:42:20 | 000,017,489 | ---- | C] () -- C:\windows\System32\dllcache\videobg.gif [2013.05.15 17:42:20 | 000,013,540 | ---- | C] () -- C:\windows\System32\dllcache\wmfsdk.inf [2013.05.15 17:42:20 | 000,008,677 | ---- | C] () -- C:\windows\System32\dllcache\wm7.gif [2013.05.15 17:42:20 | 000,007,892 | ---- | C] () -- C:\windows\System32\dllcache\wm9.gif [2013.05.15 17:42:20 | 000,007,636 | ---- | C] () -- C:\windows\System32\dllcache\wm2.gif [2013.05.15 17:42:20 | 000,007,369 | ---- | C] () -- C:\windows\System32\dllcache\wm4.gif [2013.05.15 17:42:20 | 000,006,241 | ---- | C] () -- C:\windows\System32\dllcache\wm3.gif [2013.05.15 17:42:20 | 000,006,060 | ---- | C] () -- C:\windows\System32\dllcache\wm6.gif [2013.05.15 17:42:20 | 000,005,789 | ---- | C] () -- C:\windows\System32\dllcache\wm1.gif [2013.05.15 17:42:20 | 000,005,290 | ---- | C] () -- C:\windows\System32\dllcache\vidsamp.gif [2013.05.15 17:42:20 | 000,004,193 | ---- | C] () -- C:\windows\System32\dllcache\wm8.gif [2013.05.15 17:42:20 | 000,003,187 | ---- | C] () -- C:\windows\System32\dllcache\tour.js [2013.05.15 17:42:20 | 000,002,778 | ---- | C] () -- C:\windows\System32\dllcache\mplogoh.gif [2013.05.15 17:42:20 | 000,002,545 | ---- | C] () -- C:\windows\System32\dllcache\mplogo.gif [2013.05.15 17:42:20 | 000,002,477 | ---- | C] () -- C:\windows\System32\dllcache\wm5.gif [2013.05.15 17:42:20 | 000,002,469 | ---- | C] () -- C:\windows\System32\dllcache\tplay.gif [2013.05.15 17:42:20 | 000,002,450 | ---- | C] () -- C:\windows\System32\dllcache\tpause.gif [2013.05.15 17:42:20 | 000,002,375 | ---- | C] () -- C:\windows\System32\dllcache\tplayh.gif [2013.05.15 17:42:20 | 000,002,371 | ---- | C] () -- C:\windows\System32\dllcache\tpauseh.gif [2013.05.15 17:42:20 | 000,001,810 | ---- | C] () -- C:\windows\System32\dllcache\skins.inf [2013.05.15 17:42:20 | 000,001,476 | ---- | C] () -- C:\windows\System32\dllcache\plylst5.wpl [2013.05.15 17:42:20 | 000,001,471 | ---- | C] () -- C:\windows\System32\dllcache\plylst6.wpl [2013.05.15 17:42:20 | 000,001,471 | ---- | C] () -- C:\windows\System32\dllcache\plylst12.wpl [2013.05.15 17:42:20 | 000,001,469 | ---- | C] () -- C:\windows\System32\dllcache\plylst3.wpl [2013.05.15 17:42:20 | 000,001,467 | ---- | C] () -- C:\windows\System32\dllcache\plylst4.wpl [2013.05.15 17:42:20 | 000,001,398 | ---- | C] () -- C:\windows\System32\dllcache\taon.gif [2013.05.15 17:42:20 | 000,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taonh.gif [2013.05.15 17:42:20 | 000,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taoff.gif [2013.05.15 17:42:20 | 000,001,367 | ---- | C] () -- C:\windows\System32\dllcache\taoffh.gif [2013.05.15 17:42:20 | 000,001,261 | ---- | C] () -- C:\windows\System32\dllcache\plylst1.wpl [2013.05.15 17:42:20 | 000,001,148 | ---- | C] () -- C:\windows\System32\dllcache\snd.htm [2013.05.15 17:42:20 | 000,001,055 | ---- | C] () -- C:\windows\System32\dllcache\plylst2.wpl [2013.05.15 17:42:20 | 000,001,047 | ---- | C] () -- C:\windows\System32\dllcache\plylst7.wpl [2013.05.15 17:42:20 | 000,001,038 | ---- | C] () -- C:\windows\System32\dllcache\plylst8.wpl [2013.05.15 17:42:20 | 000,000,807 | ---- | C] () -- C:\windows\System32\dllcache\plylst11.wpl [2013.05.15 17:42:20 | 000,000,800 | ---- | C] () -- C:\windows\System32\dllcache\plylst10.wpl [2013.05.15 17:42:20 | 000,000,782 | ---- | C] () -- C:\windows\System32\dllcache\plylst9.wpl [2013.05.15 17:42:20 | 000,000,779 | ---- | C] () -- C:\windows\System32\dllcache\plylst13.wpl [2013.05.15 17:42:20 | 000,000,778 | ---- | C] () -- C:\windows\System32\dllcache\plylst14.wpl [2013.05.15 17:42:20 | 000,000,725 | ---- | C] () -- C:\windows\System32\dllcache\plylst15.wpl [2013.05.15 17:42:20 | 000,000,403 | ---- | C] () -- C:\windows\System32\dllcache\npdrmv2.zip [2013.05.15 17:42:19 | 000,457,607 | ---- | C] () -- C:\windows\System32\dllcache\mdlib.wmv [2013.05.15 17:42:19 | 000,381,425 | ---- | C] () -- C:\windows\System32\dllcache\copycd.wmv [2013.05.15 17:42:19 | 000,184,109 | ---- | C] () -- C:\windows\System32\dllcache\compact.wmz [2013.05.15 17:42:19 | 000,009,585 | ---- | C] () -- C:\windows\System32\dllcache\controls.css [2013.05.15 17:42:19 | 000,008,298 | ---- | C] () -- C:\windows\System32\dllcache\contents.htm [2013.05.15 17:42:19 | 000,006,878 | ---- | C] () -- C:\windows\System32\dllcache\controls.js [2013.05.15 17:42:19 | 000,005,971 | ---- | C] () -- C:\windows\System32\dllcache\events.js [2013.05.15 17:42:19 | 000,000,999 | ---- | C] () -- C:\windows\System32\dllcache\bktrh.gif [2013.05.15 17:42:19 | 000,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnth.gif [2013.05.15 17:42:19 | 000,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnt.gif [2013.05.15 17:42:19 | 000,000,772 | ---- | C] () -- C:\windows\System32\dllcache\cntd.gif [2013.05.15 17:42:19 | 000,000,760 | ---- | C] () -- C:\windows\System32\dllcache\cloapph.gif [2013.05.15 17:42:19 | 000,000,717 | ---- | C] () -- C:\windows\System32\dllcache\cloapp.gif [2013.05.15 17:35:07 | 000,001,374 | ---- | C] () -- C:\windows\imsins.BAK [2013.05.15 16:51:52 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\adwcleaner_2.3.0.0.exe [2010.05.07 21:23:50 | 000,010,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\.recently-used.xbel [2009.02.23 16:12:19 | 000,004,220 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.02.23 16:12:19 | 000,002,953 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.02.23 16:12:19 | 000,001,919 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2008.12.11 22:07:45 | 000,000,093 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.SimImages [2008.04.14 20:39:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2008.03.09 00:26:16 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.01.15 22:17:59 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.01.12 21:58:25 | 000,000,822 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\.plugin141_06.trace [2006.10.18 19:23:17 | 000,001,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006.09.30 17:59:10 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2008.01.16 16:18:29 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2006.09.30 16:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2006.10.19 09:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOONTY [2007.02.01 07:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exit tick tons active [2013.05.15 18:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2009.08.08 22:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoldWave [2008.03.07 15:09:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2008.03.07 10:55:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2008.10.06 19:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions [2007.05.24 11:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.03.03 19:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.02.19 20:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpenFM [2007.05.24 12:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.03.06 11:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2008.11.07 17:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.02.28 15:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.12.07 15:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2006.09.26 12:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2007.05.16 11:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VManager [2009.02.28 15:11:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2006.12.19 20:44:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\.CannaPower [2006.11.06 15:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Alien Skin [2010.02.04 14:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ashampoo [2006.11.25 13:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BearShare [2008.12.03 17:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DAEMON Tools [2008.04.27 22:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Dev-Cpp [2007.07.05 10:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\EPSON [2007.02.01 07:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\FiveAtomTool [2008.08.04 18:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ [2006.11.28 01:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ Toolbar [2006.09.24 20:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQLite [2009.09.21 16:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MAGIX [2007.05.20 15:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mayspies [2007.10.18 16:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MusicIP [2008.11.15 12:52:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nowe Gadu-Gadu [2008.04.13 22:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Panasonic [2007.05.26 13:27:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Suite [2009.02.23 15:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PhotoFrameShow [2009.02.25 15:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Spyware Terminator [2007.01.15 17:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Steinberg [2009.05.10 15:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TeamViewer [2009.02.28 15:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TuneUp Software [2006.09.26 15:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ulead Systems [2008.11.21 16:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\EFSoftware [2007.12.08 23:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\EPSON [2010.05.07 21:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\gtk-2.0 [2007.03.06 12:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\EPSON [2009.03.15 15:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\GMX [2009.03.27 17:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\gtk-2.0 [2009.04.08 14:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\ICQ [2006.12.04 20:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\ICQLite [2009.02.03 11:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\InterTrust [2007.05.18 12:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\Mayspies ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 489 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C95B63DA @Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:06FE92BD < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.05.2013 16:53:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,25 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 58,21% Memory free
1,48 Gb Paging File | 1,16 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 26,77 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
Drive D: | 46,87 Gb Total Space | 30,33 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
Drive E: | 9,02 Gb Total Space | 9,00 Gb Free Space | 99,79% Space Free | Partition Type: FAT32
Computer Name: DIDI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FD95AAD-BABD-42F7-8ABF-1ECE49B73114}" = STOIK Software Deformer v.2.0 Trial
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector Pro
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"Ashampoo Photo Illuminator 2" = Ashampoo Photo Illuminator 2
"CodInstl" = Intel A/V Codecs V2.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ie8" = Windows Internet Explorer 8
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"LHTTSGED" = L&H TTS3000 Deutsch
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.6
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR 5.00 beta 3 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2013 10:39:39 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:06:40 | Computer Name = DIDI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 15.05.2013 11:06:41 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:09:21 | Computer Name = DIDI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 15.05.2013 11:09:22 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:50:52 | Computer Name = DIDI | Source = WinMgmt | ID = 4
Description = .MOF.Datei C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
konnte während der Wiederherstellung der Repositorydatei nicht geladen werden.
Error - 15.05.2013 11:50:52 | Computer Name = DIDI | Source = WinMgmt | ID = 4
Description = .MOF.Datei C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION
FOUNDATION\SERVICEMODEL.MOF konnte während der Wiederherstellung der Repositorydatei
nicht geladen werden.
Error - 15.05.2013 12:32:06 | Computer Name = DIDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.05.2013 18:12:17 | Computer Name = DIDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msconfig.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul mfc42u.dll, Version 6.2.8071.0, Fehleradresse 0x000040bc.
Error - 16.05.2013 06:27:49 | Computer Name = DIDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 15.05.2013 19:12:59 | Computer Name = DIDI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sisagp
Error - 15.05.2013 19:13:02 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 15.05.2013 19:13:02 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
Error - 16.05.2013 05:59:24 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 16.05.2013 05:59:24 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
Error - 16.05.2013 06:27:49 | Computer Name = DIDI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 16.05.2013 06:27:56 | Computer Name = DIDI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 16.05.2013 06:28:03 | Computer Name = DIDI | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 3
Mal passiert.
Error - 16.05.2013 10:27:46 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 16.05.2013 10:27:46 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.15.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Sebastian :: DIDI [administrator]
16.05.2013 01:04:12
mbar-log-2013-05-16 (01-04-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26526
Time elapsed: 47 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKLM\SOFTWARE\CLASSES\APPID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\NetPumper (Adware.NetPumper) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Pati\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Delete on reboot.
Files Detected: 8
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Pati\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Favoriten\Online Security Test.url (Rogue.Link) -> Delete on reboot.
c:\WINDOWS\Jimmy Neutron 2.dat (Trojan.Agent) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper\Michael.1.ini (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper\Michael.ini (Adware.NetPumper) -> Delete on reboot.
c:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Delete on reboot.
(end)
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-16 20:45:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120023A rev.3.30 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\pxtdapog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB921A360, 0x24BBAD, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 01539CF0 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 01AE542B C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 01AE5408 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 0154369E C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] GDI32.dll!SetDIBitsToDevice + 209 77EF9E04 7 Bytes JMP 01AE5389 C:\Programme\Mozilla Firefox\xul.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV A2528261AB2A310DF22EF71EEF7E9D0641A89100DD1462BF4E7BB807C2246E0ABA8A66D494B94EB7AE786C53018E16CF4CC60AEA4971FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB34529DB7CE019D40AA5CA6A0AC4980AC7933B8ADED0AC24BCE167F9214AFC6A71AAA07BD0EF3ECB3E79B9800FC3DA8A373AB1B1550D84BDCF3EF8AD1B7981FACFDC0B0E5ED0C508EABACBFA3C53FA2809D872B67148B7D6AC182597DE3FE4197745928A6F5497139EB0C37A39AC12D7EF3A88DD3D47AF53C7AA289E44D61CDA1EC441D9198F0957EE3A4E3ED4BF5501C1FB1FE495C5F2521554C4919DDA3B90B4B74D4787D31582FC500BE39DAF06FD83FE7CB7EAC58506A7E9F5B6F330ECF94E80327F17E1B299D3552557B81ACBCB96535D66C79678F6D14DC17059ECAAD07112C80DAA9A14A234DED4971AA86BFC797A79550ACF3D00429ED6834A5E9C52B03CDE051C29E539A1ACDCF9B76BFD40FCF7214A960C7538B45DA4EA2025FDBD074EC5CB83F4DAC639B8CB1BEB77D2C207BE86F4068112DE5E2D45B3321808B4A8BB29B38C9CD9860C76D4CE175C9C810FD86D91BC5634578F0AD3893A48A436E66685C3AC126A6FB885411D1EA9202772CE99A09B3B35BADD3DB1F2FE01D439892806BEE37BDBF1EBA49079
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\InprocServer32@ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\ProgID@ AcroIEHelper.AcroIEHlprObj.1
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\TypeLib@ {5F226421-415D-408D-9A09-0DCD94E25B48}
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\VersionIndependentProgID@ AcroIEHelper.AcroIEHlprObj
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\AVIFile@ 7
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer@ avifile.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer32@ avifil32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\DefaultIcon@ C:\WINDOWS\System32\nvshell.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ C:\WINDOWS\System32\nvshell.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ContextMenuHandlers\{1E9B04FB-F9E5-4718-997B-B8DA88302A47}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\DropHandler@ {1CDB2949-8F65-4355-8456-263E7C208A5D}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}@Attributes 1610612736
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}@ISV {8BEBB290-52D0-11d0-B7F4-00C04FD706EC}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\ShellFolder@WantsFORPARSING
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@Class 0x57 0x10 0x30 0x30 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@Class 0xFA 0x2F 0x1D 0xDF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@Class 0x7C 0xB4 0x65 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@Class 0x2A 0xCA 0x4A 0xEB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@Class 0x92 0xF7 0x24 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@Class 0x32 0x39 0xD5 0xAC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@Class 0xF5 0xEF 0x31 0xF4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C5593E1D-880D-37FC-1F20-F5B689B30C92}\InprocServer32@ C:\WINDOWS\System32\wbem\dsprov.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C5593E1D-880D-37FC-1F20-F5B689B30C92}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ C:\PROGRA~1\EPSON\CREATI~1\Common\Module\EpInet.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\ProgID@ EpInet.PxFile.1
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\TypeLib@ {254BE3F2-4B82-412C-B6AB-CC3BC551FBF4}
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\VersionIndependentProgID@ EpInet.PxFile
---- Files - GMER 2.1 ----
File C:\Programme\MSXML 4.0 0 bytes
 |
|
16.05.2013, 22:18
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ist mein PC noch verseucht oder bin ich clean? Hallo,
__________________Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Code:
ATTFilter c:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Delete on reboot.
 Lesestoff:Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
__________________ |
|
| Themen zu Ist mein PC noch verseucht oder bin ich clean? |
| adware.netpumper, backdoor.bifrose, bifrose.trace, bifrost, einstellungen, error, explorer, klog.dat, malware.trace, microsoft, mozilla, ntdll.dll, plug-in, realtek, registry, remote control, rogue.link, rundll, software, spyware, trojan.agent, trojan.bho, unerwarteter fehler, windows internet, xp-rechner |
Linear-Darstellung
