Log analysis and evaluation: System Care Antivirus - OTL log attached (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.05.2013, 19:14 | #31
System Care Antivirus - OTL log attached
New OTL log:
Code:
OTL logfile created on: 30.05.2013 19:43:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 396,88 Mb Available Physical Memory | 38,78% Memory free
1,65 Gb Paging File | 1,02 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 208,45 Gb Total Space | 88,62 Gb Free Space | 42,51% Space Free | Partition Type: NTFS
Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive M: | 2737,39 Gb Total Space | 2373,54 Gb Free Space | 86,71% Space Free | Partition Type: NTFS

Computer Name: COMPUTER2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Calling-Us\bin\callrun.exe (media21.de)
PRC - C:\Programme\Calling-Us\bin\callice.exe (media21.de)
PRC - C:\Programme\Calling-Us\bin\callclient.exe (media21.de)
PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )

========== Modules (No Company Name) ==========

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Programme\Minilyrics\MiniLyrics.dll ()
MOD - C:\Programme\Minilyrics\WmpLyrics.dll ()
MOD - C:\WINDOWS\system32\KSXPPI32.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\bwfiles.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\clntutil.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\SyncExt.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\AC3Filter\ac3filter.ax ()
MOD - C:\Programme\WS_FTP Pro\nsftpch.dll ()
MOD - C:\Programme\WS_FTP Pro\wsftplib.dll ()
MOD - C:\Programme\WS_FTP Pro\wshosts.dll ()
MOD - C:\Programme\WS_FTP Pro\libeay32.dll ()
MOD - C:\Programme\WS_FTP Pro\ssleay32.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (m21callrunsrv) -- C:\Programme\Calling-Us\bin\callice.exe (media21.de)
SRV - (niSvcLoc) -- C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
SRV - (NIDomainService) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys (Secunia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (flashusb) -- C:\WINDOWS\system32\drivers\flashusb.sys (Danish Wireless Design A/S)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ksaud) -- C:\WINDOWS\system32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (ksaudfl) -- C:\WINDOWS\system32\drivers\ksaudfl.sys (Creative)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
DRV - (vobiw) -- C:\WINDOWS\System32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (cdrdrv) -- C:\WINDOWS\System32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH)
DRV - (ElgTaDrv) -- C:\WINDOWS\system32\drivers\ElgTaDrv.sys (elmeg Kommunikationstechnik)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (vobcom) -- C:\WINDOWS\System32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.0.1/
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.24 17:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.27 22:23:30 | 000,000,000 | ---D | M]

[2008.08.27 19:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.12.10 10:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2usf7nlo.default\extensions
[2013.03.01 21:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions
[2011.11.24 23:44:12 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2008.08.27 22:00:29 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2008.12.08 16:31:03 | 000,000,000 | ---D | M] (Firefox 2, the theme, reloaded) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2009.10.27 23:34:40 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011.11.24 23:44:11 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.11.24 23:45:55 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\foxyproxy@eric.h.jung
[2009.05.14 16:07:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\moveplayer@movenetworks.com
[2013.03.01 21:43:24 | 000,185,839 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\stealthyextension@gmail.com.xpi
[2011.11.24 23:44:11 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011.11.24 23:44:31 | 000,627,675 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008.08.27 22:00:29 | 000,672,102 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\tmp-2.xpi
[2013.05.27 22:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.24 17:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 17:56:52 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006.01.23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV80Win32.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV82Win32.dll

O1 HOSTS File: ([2013.05.24 20:19:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Creative KSRun Persistence Module] C:\WINDOWS\System32\KSRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [Module Loader] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKU\S-1-5-21-606747145-583907252-682003330-1005..\Run: [FileHippo.com] C:\Programme\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-606747145-583907252-682003330-1005..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraVNC Server.lnk = C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Calling-Us Client.lnk = C:\Programme\Calling-Us\bin\callclient.exe (media21.de)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Kassel.LNK = C:\Programme\Cisco Systems\VPN Client\ipsecdialer.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369405616843 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7BC0B5-F68A-42D0-9A2F-71AAEC405E93}: NameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.05 18:41:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.30 18:29:23 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.30 17:52:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.30 17:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
[2013.05.30 11:22:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WinZip Courier
[2013.05.29 09:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZipEC
[2013.05.29 09:25:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\assembly
[2013.05.29 09:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WinZip
[2013.05.28 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.05.28 20:33:45 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.28 20:33:44 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.28 20:33:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.28 20:33:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.28 20:33:37 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.27 22:56:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2013.05.27 22:14:32 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.27 22:14:32 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.26 14:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2013.05.26 14:06:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.26 14:04:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.26 14:03:51 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.26 14:03:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.26 14:01:36 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2013.05.26 13:59:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[2013.05.25 18:41:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.05.25 18:40:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.05.25 18:40:47 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.25 18:40:47 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.25 18:40:47 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.25 18:40:26 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.05.25 18:40:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.05.24 20:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.24 20:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.24 20:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.24 20:02:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.24 20:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.24 20:01:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.24 20:01:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2013.05.24 20:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.24 18:00:04 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.05.24 17:43:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2013.05.24 17:41:40 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2013.05.24 17:30:01 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2013.05.24 17:02:20 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark
[2013.05.24 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\FileHippo.com
[2013.05.24 16:48:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
[2013.05.24 16:48:14 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2013.05.24 16:44:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2013.05.23 22:35:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.05.20 22:48:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2013.05.20 22:47:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.20 22:47:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.20 22:47:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.20 22:47:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.20 19:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2013.05.20 18:25:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.01 03:59:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013.05.01 03:59:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2013.05.30 19:34:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2013.05.30 19:32:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.30 18:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.30 18:29:23 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.30 12:47:22 | 000,022,526 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\fehler.JPG
[2013.05.30 11:25:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 11:20:41 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Outlook 2003.lnk
[2013.05.29 09:34:18 | 000,001,558 | ---- | M] () -- C:\WINDOWS\XI420Ke.INI
[2013.05.28 20:32:53 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.28 20:32:42 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.05.28 20:32:42 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.05.28 20:32:42 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.28 20:32:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.28 20:32:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.28 20:32:42 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.27 22:41:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.05.27 22:38:49 | 000,196,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.27 22:14:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.27 22:14:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.25 17:49:44 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.25 17:49:44 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.25 17:49:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013.05.25 17:49:44 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013.05.24 20:19:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.05.24 17:30:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.05.24 16:48:20 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk [2013.05.21 21:43:08 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\VPN Client.lnk [2013.05.17 21:49:16 | 000,463,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.17 21:49:16 | 000,445,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.17 21:49:16 | 000,072,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.17 21:49:15 | 000,086,674 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.17 21:46:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.11 13:26:40 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Excel 2003.lnk [2013.05.11 13:25:26 | 000,001,820 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Default.rdp [2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.04 13:18:59 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2003.lnk [2013.05.01 03:59:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2013.05.01 03:59:12 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTime.qts ========== Files Created - No Company Name ========== [2013.05.30 12:47:21 | 000,022,526 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\fehler.JPG [2013.05.27 22:23:30 | 000,002,299 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.05.27 22:14:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.24 20:02:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.24 20:02:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.24 20:02:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.24 20:02:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.24 20:02:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.24 17:30:05 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.05.24 17:03:24 | 000,001,471 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk [2013.05.24 16:49:28 | 000,001,602 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Update Checker.lnk [2013.05.24 16:48:20 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk [2013.05.24 16:48:20 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk [2013.05.20 20:29:50 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraVNC Server.lnk [2012.02.06 00:11:54 | 000,029,518 | R--- | C] () -- C:\WINDOWS\System32\ksaud.ini [2012.02.06 00:11:35 | 000,190,976 | R--- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll [2012.02.06 00:11:35 | 000,033,120 | R--- | C] () -- C:\WINDOWS\System32\kschimp.ini [2012.02.06 00:11:35 | 000,000,029 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2012.01.09 21:01:20 | 000,010,599 | ---- | C] () -- C:\Dokumente und 
Einstellungen\***\solar_elster_2048.pfx [2011.12.23 11:30:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.10.10 21:30:51 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.SIG_PINSTATUS_VOREINSTELLUNG [2011.10.10 21:30:51 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.SIG_DIALOG_VOREINSTELLUNG [2011.03.26 14:21:30 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2010.12.05 17:51:32 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_5_16_51.PLT [2010.12.05 17:51:27 | 002,181,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_5_16_51.0000.mpg [2009.12.20 01:26:32 | 524,681,216 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0003.mpg [2009.12.20 01:07:00 | 629,297,152 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0002.mpg [2009.12.20 00:47:27 | 629,475,328 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0001.mpg [2009.12.20 00:27:55 | 629,454,848 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0000.mpg [2008.10.22 09:11:17 | 000,010,231 | ---- | C] () -- C:\Dokumente und Einstellungen\***\******_***m_elster_2048.pfx [2008.05.07 23:52:09 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.03.11 22:37:23 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat [2008.03.06 00:59:11 | 000,092,160 | ---- | C] () -- 
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008.04.11 16:00:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.26 14:06:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2009.05.13 10:24:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2011.04.29 20:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2011.05.08 14:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2008.06.16 23:44:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2013.05.30 18:29:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2010.02.04 20:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\MSScanAppDataDir [2008.08.01 11:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2012.02.05 15:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments [2011.12.04 12:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2008.03.30 18:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2009.03.30 00:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STAMPIT [2013.05.27 22:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2013.05.29 09:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZipEC [2012.10.19 18:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Calling-Us [2008.12.30 15:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Calling-Us [2013.03.09 14:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BOM [2010.01.18 22:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CadSoft [2009.01.14 14:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Calling-Us [2009.06.24 21:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ComCenter [2009.01.21 21:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DeepBurner [2012.02.08 19:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\e-academy Inc [2011.12.05 19:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla [2008.07.02 09:01:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ 
[2008.09.27 12:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2011.12.01 12:59:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LEGO Company
[2011.04.26 19:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mabii
[2009.01.23 18:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mathsoft
[2008.07.31 11:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments
[2011.04.27 09:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Poqaja
[2009.08.28 11:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PV Design Tool
[2011.07.30 15:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT
[2008.08.12 20:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Radmin
[2011.12.03 23:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2009.06.01 14:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft
[2009.01.11 22:38:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teledat
[2008.06.05 15:12:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
[2008.12.04 19:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wireshark
[2008.12.25 19:06:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Calling-Us

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 30.05.2013 19:43:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 396,88 Mb Available Physical Memory | 38,78% Memory free
1,65 Gb Paging File | 1,02 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 208,45 Gb Total Space | 88,62 Gb Free Space | 42,51% Space Free | Partition Type: NTFS
Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive M: | 2737,39 Gb Total Space | 2373,54 Gb Free Space | 86,71% Space Free | Partition Type: NTFS

Computer Name: COMPUTER2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)
"C:\Programme\WS_FTP Pro\wsftppro.exe" = C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Programme\Calling-Us\bin\callclient.exe" = C:\Programme\Calling-Us\bin\callclient.exe:*:Enabled:callclient -- (media21.de)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\Windows Media Player\wmplayer.exe" = C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Programme\Synology\Assistant\DSAssistant.exe" = C:\Programme\Synology\Assistant\DSAssistant.exe:*:Enabled:DSAssistant -- ()
"C:\Programme\Cisco Systems\VPN Client\vpngui.exe" = C:\Programme\Cisco Systems\VPN Client\vpngui.exe:*:Enabled:vpngui.exe -- (Cisco Systems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe" = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe:*:Enabled:ICQ
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0087583F-1ED8-4A92-88A4-D49DCD56FC6B}" = NI Circuit Design Suite 10 Core
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{25F138F7-89D9-4836-A9F5-642DEA06564C}" = NI LabWindows/CVI 8.1 Run-Time Engine
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{414C1019-21ED-479A-A2F0-1F2383674BD1}" = Brother DCP-7025
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{63E921D9-799A-44F9-A742-DE3DC968AFEF}" = Microsoft .NET Framework SDK (German) 1.1
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7998C54B-5D31-48A6-93D1-72C73FFFC043}" = NI Circuit Design Suite Support and Upgrade Utility
"{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8c166c68-277c-41dd-890e-317b12fff7cf}.sdb" = Calling-Us Compatibility System
"{8EAC192B-1E5B-4276-A2D8-59A303ECD2DE}" = Visual J# .NET Redistributable 1.1- German Language Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{946BA398-5A53-454E-8D39-1C02959C1727}" = AAVUpdateManager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech-Handbuch
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DD541310-3901-404D-8ADF-E15A92AF5DA5}" = NI Circuit Design Suite 10 Pro
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BAHN384r3a_is1" = BAHN 3.84r3a
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Bridge Builder" = Bridge Builder
"Bridge Construction Set Demo" = Bridge Construction Set Demo
"Calling-Us" = Calling-Us MAX 2007 (Rev. 2)
"CCleaner" = CCleaner (remove only)
"Cool Edit 2000" = Cool Edit 2000
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Electronics_Workbench_V5" = Electronics Workbench V5.12
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download version 2.10.28
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstantCD/DVD" = InstantCD/DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniLyrics" = Minilyrics(remove only)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"NI Uninstaller" = National Instruments-Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Phoner_is1" = Phoner 2.26
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PV Design Tool 1.0.3.9" = PV Design Tool 1.0.3.9 1.0.3.9
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"R-Studio 5.4NSIS" = R-Studio 5.4
"Schnaeppchen-Tool.de" = Schnaeppchen-Tool.de
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Sunny Design DE" = Sunny Design DE
"Sunny Design Update 1.48.0" = Sunny Design Update 1.48.0
"Sunny Design Update 1.49.0" = Sunny Design Update 1.49.0
"Synology Assistant" = Synology Assistant (remove only)
"SysInfo" = Creative Systeminformationen
"Train Simulator 1.0" = Microsoft Train Simulator
"Tunatic" = Tunatic
"Ultravnc2_is1" = UltraVNC 1.0.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 2.0.6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.6.15 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zusi - Der Zugsimulator DEMO_is1" = Zusi 2.3 DEMO

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"e0c143f1d5b5e1b8" = RapidShare Manager
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.05.2013 12:31:56 | Computer Name = COMPUTER2 | Source = Avira AntiVir | ID = 4122
Description =

Error - 24.05.2013 15:06:41 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung psi.exe, Version 3.0.0.7009, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.05.2013 06:19:19 | Computer Name = COMPUTER2 | Source = COM+ | ID = 135763
Description = Transaktionen, die zur Unterstützung von Transaktionskomponenten erforderlich sind, konnten von der Laufzeitumgebung nicht initialisiert werden. Stellen Sie sicher, dass MS DTC ausgeführt wird.(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 25.05.2013 10:40:37 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 26.05.2013 07:58:17 | Computer Name = COMPUTER2 | Source = MsiInstaller | ID = 10005
Description = Produkt: Apple Application Support -- Es ist bereits eine neuere Version von auf diesem Computer installiert.

Error - 27.05.2013 16:33:14 | Computer Name = COMPUTER2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 msi1e5.tmp, P2 1.0.0.0, P3 513eda28, P4 mscorlib, P5 2.0.0.0, P6 5040540e, P7 3451, P8 119, P9 system.io.directorynotfound, P10 NIL.

Error - 27.05.2013 16:33:56 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qtraxinstaller.exe, Version 0.0.0.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.

Error - 29.05.2013 03:25:10 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.

Error - 29.05.2013 03:27:03 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.

Error - 29.05.2013 03:29:42 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.
[ System Events ] Error - 30.05.2013 12:01:49 | Computer Name = COMPUTER2 | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 30.05.2013 12:06:41 | Computer Name = COMPUTER2 | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 30.05.2013 12:06:41 | Computer Name = COMPUTER2 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 30.05.2013 12:38:50 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste. Error - 30.05.2013 12:38:50 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 30.05.2013 12:39:19 | Computer Name = COMPUTER2 | Source = Srv | ID = 2000 Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet fehlgeschlagen. Error - 30.05.2013 12:39:19 | Computer Name = COMPUTER2 | Source = Srv | ID = 2000 Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet fehlgeschlagen. Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod Service" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst. 
Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
30.05.2013, 20:23 | #32 | /// Malware-holic
Hi,
Fix with OTL
Code:
:OTL
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:files
:Commands
[emptytemp]
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and programs run in general.
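What the O33 fix above removes, as an added Python example (not from the thread and not OTL's own code): it parses O33 lines in the format OTL prints them, picks out every MountPoints2 key whose Shell\AutoRun\command value launches something from a drive letter, and rebuilds the :OTL section that drops those keys. The sample lines are constructed from the fix script, with one extra D: mount point that carries no command so the filter has something to leave alone; the regex and the function names are the example's own.

```python
import re

# Constructed sample input: the O33 lines from the OTL fix above, plus one
# extra mount point (D:) without an AutoRun command that must NOT be flagged.
SAMPLE_O33 = r"""
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
""".strip()

# One OTL O33 line:  O33 - MountPoints2\<key>\<subkey> - "" = <value>
# <key> is either a volume GUID in braces or a drive letter.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\(?P<subkey>.+?) - "" = (?P<value>.*)$')


def parse_o33(text):
    """Return (mountpoint key, subkey, value) tuples for every O33 line in text."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append((m.group('key'), m.group('subkey'), m.group('value')))
    return entries


def autorun_commands(entries):
    """Map each MountPoints2 key to the command Explorer would run on AutoPlay."""
    return {key: value for key, subkey, value in entries
            if subkey.lower() == r'shell\autorun\command'}


def drive_of(command):
    """Drive letter a command points at (quotes tolerated), or None if none."""
    m = re.match(r'^"?([A-Za-z]):\\', command)
    return m.group(1).upper() if m else None


def otl_fix_lines(entries):
    """Build the :OTL section that drops every MountPoints2 key carrying an
    AutoRun command, keeping the other keys.  Mirrors the shape of the fix
    posted above; it is this example's reconstruction, not OTL's own logic."""
    flagged = autorun_commands(entries)
    lines = [':OTL']
    for key, subkey, value in entries:
        if key in flagged:
            lines.append(f'O33 - MountPoints2\\{key}\\{subkey} - "" = {value}')
    return lines


if __name__ == '__main__':
    entries = parse_o33(SAMPLE_O33)
    for key, cmd in autorun_commands(entries).items():
        print(f'{key}: AutoPlay would run {cmd} (drive {drive_of(cmd)})')
    print('\n'.join(otl_fix_lines(entries)))
```

The check that matters for triage is the drive letter: a command under a mount point for a removable drive (I: here) is the "launcher" the original poster later attributes to a USB stick, and it is worth reviewing even when the executable is no longer present, because the key fires again the next time a volume with that GUID is plugged in.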
30.05.2013, 21:06 | #33
Did that.
That looks to me like the Kingston USB stick that opens this "Launcher" when it is plugged in. Quote:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
File I:\DTVP_Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4742716 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes

User: ***
->Temp folder emptied: 98956641 bytes
->Temporary Internet Files folder emptied: 18485286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2255 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 181410 bytes

Total Files Cleaned = 117,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_213609

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
I always make sure never to install a toolbar along with anything, and there is none present. I have not noticed any other irregularities in the browser either. What I do notice is that the computer was already relatively slow and has become noticeably more sluggish since all the clean-ups (processor load is constantly high). The Windows logo at boot also stays on longer than before.
30.05.2013, 21:09 | #34 | /// Malware-holic
Hi, then leave the O33 entries. Can you uninstall Malwarebytes? Is there any improvement?
Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us
30.05.2013, 21:44 | #35
Unfortunately still slow.
30.05.2013, 21:58 | #36 | /// Malware-holic
Open CCleaner, Tools, Startup, Windows, save as text and post it.
30.05.2013, 22:23 | #37
I can't find an export option there. :-( There are a few entries from Adobe, Quicktime, Realtime, Java and iTunes set to enabled, though. I don't use iTunes, and the paths for Adobe, Java and Real are old.
30.05.2013, 22:24 | #38 | /// Malware-holic
There is a button for that, save as text file.
30.05.2013, 22:56 | #39
The button wasn't there. Secunia PSI was of the opinion that CCleaner 2.x was up to date. So I searched manually, and lo and behold, the 4.x version has the button too.
Code:
Ja Startup User Kassel.LNK Cisco Systems, Inc. C:\Programme\Cisco Systems\VPN Client\ipsecdialer.exe
Ja Startup User Calling-Us Client.lnk media21.de C:\Programme\Calling-Us\bin\callclient.exe
Ja Startup Common UltraVNC Server.lnk UltraVNC C:\Programme\UltraVNC\winvnc.exe
Ja Startup Common Secunia PSI Tray.lnk Secunia C:\Programme\Secunia\PSI\psi_tray.exe
Ja HKLM:Run zBrowser Launcher Logitech Inc. C:\Programme\Logitech\iTouch\iTouch.exe
Ja HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
Ja HKLM:Run realsched RealNetworks, Inc. "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
Ja HKLM:Run QuickTime Task Apple Inc. "C:\Programme\QuickTime\QTTask.exe" -atboottime
Ja HKLM:Run PrnStatusMX Marvell Semiconductor, Inc. C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
Ja HKLM:Run Module Loader Creative Technology Ltd. C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
Ja HKLM:Run iTunesHelper Apple Inc. "C:\Programme\iTunes\iTunesHelper.exe"
Ja HKLM:Run EM_EXEC Logitech Inc. C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Ja HKLM:Run Creative KSRun Persistence Module RunDll32 KSRun.dll,RunDLLEntry
Ja HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run APSDaemon Apple Inc. "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
Ja HKLM:Run Adobe Reader Speed Launcher "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKCU:Run LDM C:\Programme\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Ja HKCU:Run FileHippo.com FileHippo.com "C:\Programme\FileHippo.com\UpdateChecker.exe" /background
Ja HKCU:Run ctfmon.exe Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Nein HKLM:Run VolPanlu Creative Technology Ltd "C:\Programme\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
Nein HKLM:Run SSBkgdupdate Scansoft, Inc. "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Nein HKLM:Run RemoteAgent Cyberlink Corp. C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
Nein HKLM:Run pptd40nt ScanSoft, Inc. C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
Nein HKLM:Run PDFPrint "C:\Programme\pdf24\PDFBackend.exe"
Nein HKLM:Run IW Controlcenter VOB Computersysteme GmbH C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
Nein HKLM:Run IndexSearch ScanSoft, Inc. C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
Nein HKLM:Run ICQLite "C:\Programme\ICQLite\ICQLite.exe" -minimize
Nein HKLM:Run DivXUpdate "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Nein HKLM:Run CTAPR2 Creative Technology Ltd "C:\Programme\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" /r
Nein HKLM:Run carpserv Conexant Systems carpserv.exe
Nein HKLM:Run BrStDvPt Brother Industories, Ltd. C:\Programme\Brother\Brmfl04g\BrStDvPt.exe
Nein HKLM:Run brctrcen Brother Industries, Ltd. C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
Nein HKLM:Run backWeb-8876480 C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe
Nein HKLM:Run Agent CyberLink C:\Programme\CyberLink\PowerVCRII\Agent.exe
Nein HKCU:Run msmsgs Microsoft Corporation "C:\Programme\Messenger\msmsgs.exe" /background
Nein HKCU:Run icq C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe -CU
31.05.2013, 11:01 | #40 | /// Malware-holic
Under Startup I would disable everything except: Common Secunia
Otherwise everything except: avgnt, FileHippo
If something is missing, you can re-enable it. Then do 2 restarts and see how it runs.
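The triage the reply above describes (keep a short allowlist enabled, disable the rest, and look first at entries that name no publisher), as an added Python example that is not from the thread, from CCleaner or from OTL. It assumes CCleaner's text export is one entry per line with five tab-separated columns in the order the post shows (enabled, location, name, publisher, command); the tab separator is this example's assumption. The sample lines are constructed from the export above, and KEEP is the allowlist from the reply (Secunia tray, avgnt, FileHippo); the function names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample, cut down from the export posted above.  Assumed layout:
# enabled <TAB> location <TAB> name <TAB> publisher <TAB> command
SAMPLE_EXPORT = "\n".join([
    "Ja\tStartup Common\tSecunia PSI Tray.lnk\tSecunia\tC:\\Programme\\Secunia\\PSI\\psi_tray.exe",
    "Ja\tStartup Common\tUltraVNC Server.lnk\tUltraVNC\tC:\\Programme\\UltraVNC\\winvnc.exe",
    "Ja\tHKLM:Run\tavgnt\tAvira Operations GmbH & Co. KG\t\"C:\\Programme\\Avira\\AntiVir Desktop\\avgnt.exe\" /min",
    "Ja\tHKLM:Run\tQuickTime Task\tApple Inc.\t\"C:\\Programme\\QuickTime\\QTTask.exe\" -atboottime",
    "Ja\tHKLM:Run\tAdobe Reader Speed Launcher\t\t\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"",
    "Ja\tHKLM:Run\tCreative KSRun Persistence Module\t\tRunDll32 KSRun.dll,RunDLLEntry",
    "Ja\tHKCU:Run\tFileHippo.com\tFileHippo.com\t\"C:\\Programme\\FileHippo.com\\UpdateChecker.exe\" /background",
    "Ja\tHKCU:Run\tLDM\t\tC:\\Programme\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe",
    "Nein\tHKLM:Run\tICQLite\t\t\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize",
])

# Names the reply says to leave enabled; compared case-insensitively.
KEEP = {"secunia psi tray.lnk", "avgnt", "filehippo.com"}


@dataclass
class StartupEntry:
    enabled: bool
    location: str    # "HKLM:Run", "HKCU:Run", "Startup Common", "Startup User"
    name: str
    publisher: str   # empty when CCleaner found no publisher string
    command: str


def parse_export(text):
    """Parse the tab-separated export; lines without exactly five columns are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 5:
            continue
        enabled, location, name, publisher, command = parts
        entries.append(StartupEntry(enabled in ("Ja", "Yes"), location, name, publisher, command))
    return entries


def image_path(command):
    """Executable path inside a Run value: surrounding quotes and arguments removed.
    Values that name no .exe (RunDll32 ..., bare names) return their first token."""
    m = re.match(r'^"?(.*?\.exe)"?(\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(entries, keep=KEEP):
    """Split the enabled entries into keep / disable by name, and list the
    enabled entries with no publisher, which deserve the first look."""
    report = {"keep": [], "disable": [], "no_publisher": []}
    for e in entries:
        if not e.enabled:
            continue
        report["keep" if e.name.lower() in keep else "disable"].append(e.name)
        if not e.publisher.strip():
            report["no_publisher"].append(e.name)
    return report


def by_location(entries):
    """Count enabled entries per autostart location."""
    counts = {}
    for e in entries:
        if e.enabled:
            counts[e.location] = counts.get(e.location, 0) + 1
    return counts


if __name__ == "__main__":
    entries = parse_export(SAMPLE_EXPORT)
    print(by_location(entries))
    report = triage(entries)
    for bucket, names in report.items():
        print(f"{bucket}: {names}")
    for e in entries:
        print(f"{e.name:35} -> {image_path(e.command)}")
```

Entries with an empty publisher column are not malicious by that fact alone (the Adobe Reader launcher above has none), but they are the ones whose image path is worth checking against the file on disk before deciding; image_path gives the path to look up.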