| |
| |||||||
Log-Analyse und Auswertung: Wie bekomme ich "dirtydecrypt.exe" wieder los?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.07.2013, 07:21
| #1 |
| |  Wie bekomme ich "dirtydecrypt.exe" wieder los? Hallo, ich habe mir den "dirtydecrypt.exe" Trojaner eingefangen. Wenn ich z. B. eine gespeicherte Word-Datei öffne, erhalte ich folgende Meldung: File is encrypted This file can be decrypted using the program DirtyDecrypt.exe Press CTRL+ALT+D to run DirtyDecrypt.exe If DirtyDecrypt.exe not opened сheck the paths: C:\Program Files (x86)\Dirty\DirtyDecrypt.exe C:\Program Files\Dirty\DirtyDecrypt.exe C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe Ich habe bereits mit dem OTL Tool folgende Files erstellt: OTL Datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.07.2013 17:56:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Champ\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,48 Mb Total Physical Memory | 345,73 Mb Available Physical Memory | 38,65% Memory free 2,12 Gb Paging File | 1,47 Gb Available in Paging File | 69,48% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 279,46 Gb Total Space | 208,97 Gb Free Space | 74,78% Space Free | Partition Type: NTFS Computer Name: XXXXXX| User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Champ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) PRC - C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\system32\slserv.exe (Smart Link) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe (NewSoft Technology Corporation) PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC) PRC - C:\Programme\Gemeinsame Dateien\aol\1194104839\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation) PRC - C:\Programme\FreePDF\FreePDFA.exe (shbox) PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) PRC - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll () MOD - \\?\c:\programme\f-secure\apps\computersecurity\hips\fsumi.dll () MOD - C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.482.65_x-ww_a8ee95a1\QtMultimediaKit1.dll () MOD - C:\Programme\F-Secure\daas2.dll () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsavhres.eng () MOD - C:\WINDOWS\system32\mpg2splt.ax () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Sonic\Media Suite\RecordNow! Plus\shlext.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (fshoster) -- C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link) SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (PsShutdownSvc) -- C:\WINDOWS\system32\PSSDNSVC.EXE (Systems Internals) SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation) SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation) SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found DRV - (Changer) -- File not found DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys (F-Secure Corporation) DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsni) -- C:\Programme\F-Secure\apps\CCF_Scanning\fsnixp32.sys (F-Secure Corporation) DRV - (fsnitdi) -- C:\Programme\F-Secure\apps\CCF_Scanning\fsnitdi32.sys (F-Secure Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link) DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link) DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link) DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link) DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link) DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link) DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link) DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation ) DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions) DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {4DC00217-5676-4C15-9BAA-F7F3758A39A3} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{4DC00217-5676-4C15-9BAA-F7F3758A39A3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yakumo.de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yakumo.de IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yakumo.de IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yakumo.de IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.com/ IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..\SearchScopes\{4DC00217-5676-4C15-9BAA-F7F3758A39A3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE359 IE - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.09 14:28:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.06.30 09:47:40 | 000,000,000 | ---D | M] [2009.09.12 16:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Mozilla\Extensions [2012.11.01 10:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Mozilla\Firefox\Profiles\8ovd1kw1.default\extensions [2010.01.20 18:35:49 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Mozilla\Firefox\Profiles\8ovd1kw1.default\extensions\firefox@tvunetworks.com [2013.05.09 14:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.09 14:28:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.05.09 14:28:47 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.09 14:28:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.05.09 14:28:47 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.05.09 14:28:47 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.09 14:28:47 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.09 14:28:47 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll (Xi) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [FreePDFAssistent] C:\Programme\FreePDF\FreePDFA.exe (shbox) O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\aol\1194104839\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Smart Start UP] C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () O4 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006..\Run: [DirtyDecrypt] "\\?\C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Dirty\DirtyDecrypt.exe" /hide File not found O4 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006..\Run: [QezriJgu] c:\dokume~1\champ\lokale~1\temp\0.08716367382355761.bfg File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe (America Online, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html () O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html () O15 - HKU\S-1-5-21-2384998777-4088281372-565200509-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{139D4A44-536A-4CE5-A0BB-F37AB36A3502}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77470660-DDC7-4D74-AC27-636A22E17BED}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\dokume~1\champ\lokale~1\temp\0.08716367382355761.bfg) - File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.01.18 21:30:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1b0eaa2e-be6e-11db-9065-00038a000015}\Shell\AutoRun\command - "" = I:\JDSecure\Windows\JDSecure31.exe O33 - MountPoints2\{65ccb9b0-ffa4-11e0-928e-001f3f0691d7}\Shell - "" = AutoRun O33 - MountPoints2\{65ccb9b0-ffa4-11e0-928e-001f3f0691d7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{65ccb9b0-ffa4-11e0-928e-001f3f0691d7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 17:55:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Champ\Desktop\OTL.exe [2013.07.04 17:24:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Champ\Lokale Einstellungen\Anwendungsdaten\Sun [2013.07.04 17:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Champ\Desktop\Famlienfotos Schwarze 07-2013 [2013.07.03 07:07:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Champ\Recent [2013.06.30 09:47:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2013.06.30 09:47:40 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.06.30 09:47:40 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.06.30 09:47:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.06.30 09:47:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.06.30 09:47:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.06.30 09:28:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2013.06.30 09:28:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2013.06.30 09:24:11 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2013.06.30 09:22:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Champ\PrivacIE [2013.06.30 09:22:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Champ\IECompatCache [2013.06.30 09:16:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Champ\IETldCache [2013.06.30 02:31:56 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2013.06.30 02:30:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2013.06.30 02:30:33 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2013.06.30 02:30:33 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2013.06.30 02:30:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2013.06.30 02:30:32 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2013.06.30 02:30:32 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2013.06.30 02:30:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2013.06.30 02:29:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013.06.30 02:01:53 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2013.06.30 01:59:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2013.06.30 01:59:32 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2013.06.30 01:58:34 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2013.06.30 01:58:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2013.06.30 01:57:30 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2013.06.30 01:51:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2013.06.30 01:50:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2013.06.30 01:50:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2013.06.30 01:49:20 | 000,290,560 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2013.06.30 01:48:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.06.30 01:48:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013.06.30 01:48:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2013.06.30 01:48:24 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys [2013.06.30 01:48:07 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys [2013.06.30 01:47:09 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2013.06.30 01:45:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2013.06.30 01:44:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\F-Secure [2013.06.30 01:44:29 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll [2013.06.30 01:43:50 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2013.06.30 01:43:46 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2013.06.30 01:40:58 | 002,195,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2013.06.30 01:40:58 | 002,152,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2013.06.30 01:40:58 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2013.06.30 01:40:57 | 002,072,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2013.06.30 01:40:00 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2013.06.30 01:39:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2013.06.30 01:39:16 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll [2013.06.30 01:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\F-Secure [2013.06.30 01:28:33 | 000,000,000 | ---D | C] -- C:\Programme\F-Secure [2013.06.30 01:19:35 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2013.06.30 01:19:35 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2013.06.30 01:19:35 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2013.06.30 01:19:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2013.06.30 01:19:31 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll [2013.06.30 01:19:31 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll [2013.06.30 01:19:31 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2013.06.30 01:19:31 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll [2013.06.30 01:19:31 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax [2013.06.30 01:19:31 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax [2013.06.30 01:19:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2013.06.30 01:19:30 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2013.06.30 01:19:30 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2013.06.30 01:19:30 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2013.06.30 01:19:30 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2013.06.30 01:19:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2013.06.30 01:19:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2013.06.30 01:19:30 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2013.06.30 01:19:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2013.06.30 01:19:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2013.06.30 01:19:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2013.06.30 01:19:29 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll [2013.06.30 01:19:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2013.06.30 01:19:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2013.06.30 01:19:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2013.06.30 01:19:27 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2013.06.30 01:19:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2013.06.30 01:19:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2013.06.30 01:19:27 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll [2013.06.30 01:19:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2013.06.30 01:19:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2013.06.30 01:19:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2013.06.30 01:19:26 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2013.06.30 01:19:26 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll [2013.06.30 01:19:26 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2013.06.30 01:19:26 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2013.06.30 01:19:26 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2013.06.30 01:19:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2013.06.30 01:19:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2013.06.30 01:19:25 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll [2013.06.30 01:19:25 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll [2013.06.30 01:19:25 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2013.06.30 01:19:25 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2013.06.30 01:19:25 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2013.06.30 01:19:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2013.06.30 01:19:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2013.06.30 01:19:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2013.06.30 01:19:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe [2013.06.30 01:19:22 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll [2013.06.30 01:19:21 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll [2013.06.30 01:19:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2013.06.30 01:19:20 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe [2013.06.30 01:19:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de [2013.06.30 01:19:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2013.06.30 01:19:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2013.06.30 01:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2013.06.30 01:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2013.06.30 01:14:16 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll [2013.06.30 01:14:16 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll [2013.06.30 01:14:16 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll [2013.06.30 01:14:16 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll [2013.06.30 01:14:16 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll [2013.06.30 01:14:16 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll [2013.06.30 01:14:16 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll [2013.06.30 01:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2013.06.30 01:14:15 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2013.06.30 01:14:15 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2013.06.30 01:14:15 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2013.06.30 01:14:15 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2013.06.30 01:14:15 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2013.06.30 01:14:15 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2013.06.30 01:14:15 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2013.06.30 01:14:14 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2013.06.30 01:14:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2013.06.30 01:14:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2013.06.30 01:14:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2013.06.30 01:14:14 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2013.06.30 01:14:14 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2013.06.30 01:14:14 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2013.06.30 01:14:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2013.06.30 01:14:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2013.06.30 01:14:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2013.06.30 01:14:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2013.06.30 01:14:13 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2013.06.30 01:14:13 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2013.06.30 01:14:13 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2013.06.30 01:14:13 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2013.06.30 01:14:13 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll [2013.06.30 01:14:13 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll [2013.06.30 01:14:13 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll [2013.06.30 01:14:13 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll [2013.06.30 01:14:13 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll [2013.06.30 01:14:12 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll [2013.06.30 01:14:11 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2013.06.30 01:14:11 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2013.06.30 01:14:10 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2013.06.30 01:14:10 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2013.06.30 01:14:10 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2013.06.30 01:14:10 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2013.06.30 01:14:10 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll [2013.06.30 01:14:09 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2013.06.30 01:14:09 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2013.06.30 01:14:09 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2013.06.30 01:14:09 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2013.06.30 01:14:09 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2013.06.30 01:14:09 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll [2013.06.30 01:14:09 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2013.06.30 01:09:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2013.06.30 01:09:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [2013.06.29 20:28:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure [2013.06.29 19:09:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 17:55:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Champ\Desktop\OTL.exe [2013.07.04 17:54:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013.07.04 17:18:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.07.04 17:18:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.07.04 17:18:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.07.04 17:10:46 | 000,000,660 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI [2013.07.04 17:09:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.07.04 17:09:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.07.03 07:08:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.30 10:07:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.06.30 09:47:08 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.06.30 09:47:02 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.06.30 09:47:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.06.30 09:47:02 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.06.30 09:47:01 | 000,391,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.06.30 09:47:01 | 000,380,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.06.30 09:47:01 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.06.30 09:47:01 | 000,063,778 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.06.30 09:47:01 | 000,052,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.06.30 09:47:00 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.06.30 09:47:00 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.06.30 09:28:39 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.06.30 01:58:14 | 000,044,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2013.06.30 01:46:36 | 000,019,406 | ---- | M] () -- C:\WINDOWS\prodsett_copy.ini [2013.06.30 01:28:56 | 000,001,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\F-Secure.lnk [2013.06.30 01:25:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013.06.30 01:13:40 | 000,251,712 | RHS- | M] () -- C:\ntldr [2013.06.30 01:06:17 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce751d42e5e6ac.job [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.30 09:39:18 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.06.30 09:28:39 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.06.30 01:47:25 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2013.06.30 01:46:36 | 000,019,406 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini [2013.06.30 01:39:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013.06.30 01:39:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2013.06.30 01:28:56 | 000,001,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\F-Secure.lnk [2013.06.30 01:14:13 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2013.06.30 01:14:12 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2013.06.30 01:14:11 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2013.06.30 01:06:17 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce751d42e5e6ac.job [2006.08.17 10:23:09 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Champ\default.pls [2005.12.23 14:31:58 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Champ\RefEdit.exd [2005.12.03 09:59:32 | 000,051,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Champ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.11.26 12:21:45 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Champ\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.01.18 21:42:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.06.23 07:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bvhBBKAN [2013.06.24 18:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dirty [2005.10.25 11:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2013.06.23 07:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.NIRVANA\Anwendungsdaten\bvhBBKAN [2013.06.29 22:42:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.NIRVANA\Anwendungsdaten\Dirty [2005.10.25 11:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.NIRVANA\Anwendungsdaten\Leadertech [2009.06.06 17:19:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2013.06.30 01:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure [2009.06.24 16:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Newsoft [2009.06.06 17:22:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2005.10.25 14:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2013.05.15 15:57:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\bvhBBKAN [2007.01.06 17:52:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\CDZilla [2013.06.29 22:43:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Dirty [2009.10.15 08:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\EPSON [2005.10.25 11:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Leadertech [2012.11.03 17:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Ovryw [2012.12.11 13:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Owaq [2007.09.02 09:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\SmartSurfer [2007.09.02 09:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\WEBDE [2009.12.27 16:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Xi [2012.12.11 13:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Champ\Anwendungsdaten\Zeyxq [2005.10.25 11:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Leadertech ========== Purity Check ========== < End of report > SOWIE die EXTRAS - Datei:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.07.2013 17:56:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Champ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894,48 Mb Total Physical Memory | 345,73 Mb Available Physical Memory | 38,65% Memory free
2,12 Gb Paging File | 1,47 Gb Available in Paging File | 69,48% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 279,46 Gb Total Space | 208,97 Gb Free Space | 74,78% Space Free | Partition Type: NTFS
Computer Name: NIRVANA | User Name: Champ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50B9EFAD-9AD3-4E6A-A9B7-1C02669D4907}" = Online Safety 2.77.1170.803
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Sonic Simple Backup
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.77.100.0 (release)
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D4E3662-A321-4D98-84B8-934229348575}" = F-Secure Network CCF 1.02.128
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82A4A6D5-DC7D-4D0C-8E0A-EC61A24D7F2E}" = DruckStudio ArtEdition
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B298BB58-D68C-48C5-BC79-5E7EBB2FC922}" = F-Secure
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7E1449D-7638-6832-426D-589655951031}" = Nero 7 Demo
"{CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}" = Presto! Mr. Photo 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E36439A3-5F71-45B7-B515-7C79AF6A64B8}" = F-Secure CCF Scanning 1.23.124.8831 (release)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.11" = AFPL Ghostscript 8.11
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AOL Deinstallation" = AOL Deinstallation
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CloneDVD2OEM" = CloneDVD2OEM
"ConfigManager" = ELSA Configuration Manager
"DIVXCodec" = DivX Codec 3d release
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"FreePDF" = FreePDF 2.11
"F-Secure ServiceEnabler 666" = F-Secure
"HijackThis" = HijackThis 1.98.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Kalender" = TKexe Kalender
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MJuiceWinamp" = Mjuice Components
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.89.502
"RealPlayer 6.0" = RealPlayer Basic
"ST6UNST #1" = CoverPro
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sudden Strike - Resource War" = Sudden Strike - Resource War
"TVUPlayer" = TVUPlayer 2.5.2.2
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.06.2011 03:27:19 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2769, Fehleradresse 0x001d5f43.
Error - 28.06.2011 04:24:05 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mrstart.exe, Version 4.0.9.1000, fehlgeschlagenes
Modul mrstart.exe, Version 4.0.9.1000, Fehleradresse 0x0000b3e6.
Error - 25.07.2011 00:57:20 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mrstart.exe, Version 4.0.9.1000, fehlgeschlagenes
Modul mrstart.exe, Version 4.0.9.1000, Fehleradresse 0x0000b3e6.
Error - 03.10.2011 04:22:32 | Computer Name = NIRVANA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der Servername oder die Serveradresse konnte
nicht verarbeitet werden. .
Error - 27.10.2011 02:08:51 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2527, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00018fea.
Error - 01.11.2011 04:56:39 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2769, Fehleradresse 0x00116ecb.
Error - 01.11.2011 04:56:56 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.
Error - 03.11.2011 05:46:57 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mrstart.exe, Version 4.0.9.1000, fehlgeschlagenes
Modul mrstart.exe, Version 4.0.9.1000, Fehleradresse 0x0000b3e6.
Error - 04.11.2011 08:44:37 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2769, Fehleradresse 0x00116ecb.
Error - 04.11.2011 08:45:10 | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.
[ System Events ]
Error - 29.06.2013 14:32:30 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 29.06.2013 14:32:55 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 29.06.2013 14:33:13 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 29.06.2013 14:33:37 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 29.06.2013 14:33:47 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 29.06.2013 14:33:54 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 29.06.2013 14:34:02 | Computer Name = NIRVANA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 29.06.2013 19:04:59 | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 30.06.2013 03:18:26 | Computer Name = NIRVANA | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 03.07.2013 00:53:27 | Computer Name = NIRVANA | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
Was kann ich machen? Danke und viele Grüße !!! |
| Themen zu Wie bekomme ich "dirtydecrypt.exe" wieder los? |
| adobe flash player, audiograbber, dirtydecrypt.exe, firefox, flash player, hijackthis, iexplore.exe, js/adware.searchpage.a, js/logo.a, ntdll.dll, nvidia, plug-in, realtek, start up, temp, vista, win32/filecoder.bh, win32/filecoder.bh.gen, win32/injector.agqg, windows internet |
Baum-Darstellung