Log analysis and evaluation: OTL script urgently needed - thanks!
Hello dear Schrauber (or another helper :-)) - I'm new here.

I'm currently helping my brother-in-law with his FBI laptop, and I have already followed everything I've read here about the trojan. I now also have the OTL file. Could someone work out the fix file for me .... THANK YOU VERY MUCH!!!!

########## OTL logfile created on: 7/22/2013 10:48:19 AM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.78 Gb Total Space | 60.89 Gb Free Space | 54.47% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 2.32 Gb Free Space | 61.91% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2013/07/02 20:44:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/06/18 01:36:30 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Programme\BringMeSports_1c\bar\1.bin\1cbarsvc.exe -- (BringMeSports_1cService) SRV - [2013/06/11 23:51:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/02/07 09:13:40 | 000,866,920 | ---- | M] (Fortinet Inc.) [Auto] -- C:\WINDOWS\system32\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon) SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011/04/28 06:20:24 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto] -- C:\WINDOWS\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server) SRV - [2011/03/08 05:09:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011/03/04 01:18:11 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update-Dienst (gupdatem) SRV - [2011/03/04 01:18:11 | 000,136,176 | ---- | M] (Google Inc.) 
[Auto] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate) SRV - [2010/05/08 07:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe) SRV - [2009/10/28 15:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/08/28 14:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/08/21 04:27:24 | 000,102,400 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2009/07/07 15:10:14 | 000,151,552 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService) SRV - [2009/05/14 11:48:08 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2009/05/14 11:48:06 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2008/12/12 06:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/06/12 06:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto] -- C:\Programme\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2008/06/09 04:06:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService) SRV - [2008/06/02 14:38:36 | 002,058,776 | R--- | M] (Intel Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.EXE -- (UNS) Intel(R) SRV - [2008/06/02 14:38:30 | 000,174,616 | R--- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\AMT\LMS.EXE -- (LMS) Intel(R) SRV - [2008/05/12 08:55:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) 
[Auto] -- C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008/04/16 02:18:34 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Programme\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex) SRV - [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2008/04/03 05:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx) SRV - [2008/03/24 01:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2007/12/11 06:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/05/15 10:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto] -- C:\Programme\ActivIdentity\ActivClient\accoca.exe -- (accoca) SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV 
- [2013/01/20 10:59:04 | 000,195,296 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010/03/25 04:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010/03/20 04:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/08/26 16:41:08 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2009/08/26 16:41:04 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2009/08/03 05:57:38 | 000,724,736 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870) DRV - [2009/07/21 10:53:06 | 000,036,384 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pppop.sys -- (pppop) DRV - [2009/07/13 04:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp) DRV - [2009/05/18 09:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/03/05 08:35:58 | 000,252,032 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC) DRV - [2009/02/25 21:01:12 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2009/02/09 13:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2008/07/29 04:46:00 | 006,023,456 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008/07/01 05:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC) DRV - [2008/06/24 09:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008/06/20 12:04:34 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2008/06/12 08:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2008/06/09 04:06:42 | 000,112,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qcusbnethp.sys -- (qcusbnethp) DRV - [2008/06/09 04:06:42 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qcusbserhp.sys -- (qcusbserhp) DRV - [2008/06/09 04:06:42 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qcfilterhp.sys -- (QCFilterhp) DRV - [2008/05/27 10:34:38 | 000,338,944 | R--- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2008/05/23 07:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008/05/23 07:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008/05/14 04:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008/05/14 04:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008/04/28 09:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/04/28 00:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/14 08:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008/04/14 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2008/04/14 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock) DRV - [2008/04/13 18:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008/04/07 23:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20) DRV - [2008/03/28 06:14:02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO) DRV - [2008/03/27 07:42:00 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R) DRV - [2008/03/26 10:12:56 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008/02/29 10:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/12/18 06:46:34 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007/11/08 04:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007/07/13 06:26:12 | 000,094,976 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio) DRV - [2007/06/20 22:40:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\ghareha_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YL^xdm157^YY^de&ptb=F3E9EECA-52A4-4D3F-B9D9-82776461F007&si=38885 IE - HKU\ghareha_ON_C\..\URLSearchHook: {06b5b051-1d05-443d-822f-39ab0d05f018} - Reg Error: Key error. File not found IE - HKU\ghareha_ON_C\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.) 
IE - HKU\ghareha_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\ghareha_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\1cffxtbr@BringMeSports_1c.com: C:\Programme\BringMeSports_1c\bar\1.bin [2013/06/18 01:36:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/07/02 20:43:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/07/02 20:43:57 | 000,000,000 | ---D | M] [2013/07/02 20:43:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2013/07/02 20:43:37 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/07/02 20:43:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\browser\extensions [2013/07/02 20:44:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/03/08 05:09:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Assistant BHO) - {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Programme\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (MindSpark) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (Toolbar BHO) - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\Programme\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark) O3 - HKLM\..\Toolbar: (BringMeSports) - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Programme\BringMeSports_1c\bar\1.bin\1cbar.dll (MindSpark) O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.) O3 - HKU\ghareha_ON_C\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Programme\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe () O4 - HKLM..\Run: [3180 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3180\Scan2pc.exe () O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [BringMeSports Search Scope Monitor] C:\Programme\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (MindSpark) O4 - HKLM..\Run: [BringMeSports_1c Browser Plugin Loader] C:\Programme\BringMeSports_1c\bar\1.bin\1cbrmon.exe (VER_COMPANY_NAME) O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\WINDOWS\twain_32\Samsung\CLX3180\Scan2Pc.exe () O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.) O4 - HKLM..\Run: [googletalk] C:\Programme\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [picon] C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [VMonitorVMUVC] C:\Programme\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation) O4 - HKLM..\Run: [WZCSLDR2] C:\Programme\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe File not found O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\ghareha_ON_C..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\ghareha_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\ghareha_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\ghareha_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\cache.dat) - C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\cache.dat () O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity) O20 - Winlogon\Notify\acunlock: DllName - C:\Programme\ActivIdentity\ActivClient\acunlock.dll - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/28 10:07:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{bd0856a9-ab80-11e0-ab0b-f4bc807eb82f}\Shell - "" = AutoRun O33 - MountPoints2\{bd0856a9-ab80-11e0-ab0b-f4bc807eb82f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bd0856a9-ab80-11e0-ab0b-f4bc807eb82f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - 
MountPoints2\{d9e1fdee-3cc0-11e0-aad8-0022fad9651e}\Shell - "" = AutoRun
O33 - MountPoints2\{d9e1fdee-3cc0-11e0-aad8-0022fad9651e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9e1fdee-3cc0-11e0-aad8-0022fad9651e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9e1fdf1-3cc0-11e0-aad8-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d9e1fdf1-3cc0-11e0-aad8-00a0c6000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9e1fdf1-3cc0-11e0-aad8-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddcd40ca-7d3a-11e0-aaf0-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{ddcd40ca-7d3a-11e0-aaf0-00a0c6000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ddcd40ca-7d3a-11e0-aaf0-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddcd40cd-7d3a-11e0-aaf0-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{ddcd40cd-7d3a-11e0-aaf0-00a0c6000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ddcd40cd-7d3a-11e0-aaf0-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 07:37:41 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2013/07/22 07:35:52 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2013/07/22 07:35:51 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2013/07/22 07:35:51 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2013/07/22 07:35:51 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2013/07/22 07:35:51 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2013/07/22 07:35:51 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2013/07/22 07:35:51 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2013/07/22 07:35:51 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2013/07/17 21:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/02 20:43:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013/07/02 07:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ghareha\Eigene Dateien\Readiris
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\ghareha\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ghareha\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/22 10:41:17 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\ghareha\NTUSER.DAT
[2013/07/22 07:59:14 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2013/07/22 00:24:26 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2013/07/22 00:24:26 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2013/07/22 00:24:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/22 00:24:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/07/21 07:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/21 07:38:42 | 000,000,376 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/21 07:37:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/21 07:27:23 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\ghareha\ntuser.ini
[2013/07/21 07:17:59 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\cache.ini
[2013/07/21 07:16:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/21 07:16:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/21 07:14:54 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/21 07:13:05 | 000,490,326 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/07/21 07:13:05 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/21 07:13:05 | 000,095,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/07/21 07:13:05 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/21 07:13:02 | 001,104,438 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2013/07/21 06:11:59 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2013/07/16 22:02:11 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/16 03:55:12 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/08 13:24:19 | 004,029,319 | ---- | M] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\introduction_Erber.pptx
[2013/07/08 13:08:43 | 005,653,576 | ---- | M] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\DR. Erber.pptx
[2013/07/08 13:05:02 | 001,089,850 | ---- | M] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\Remodulin Agreement-KFSHRC.pdf
[2013/07/02 20:44:12 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/06/29 10:17:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\ghareha\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ghareha\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/22 07:35:52 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2013/07/22 07:35:52 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2013/07/22 07:35:52 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2013/07/22 07:35:52 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2013/07/22 07:35:52 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2013/07/22 07:35:52 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2013/07/22 07:35:52 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2013/07/22 07:35:52 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2013/07/22 07:35:52 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2013/07/22 07:35:52 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2013/07/22 07:35:52 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2013/07/22 07:35:52 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2013/07/22 07:35:52 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2013/07/22 07:35:52 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2013/07/22 07:35:52 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2013/07/22 07:35:52 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2013/07/22 07:35:52 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2013/07/18 11:54:51 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\cache.ini
[2013/07/08 13:22:44 | 004,029,319 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\introduction_Erber.pptx
[2013/07/08 13:05:02 | 001,089,850 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\Remodulin Agreement-KFSHRC.pdf
[2013/07/07 08:11:57 | 005,653,576 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Desktop\DR. Erber.pptx
[2012/03/29 03:05:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2012/03/07 03:43:43 | 000,012,055 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\SmarThruOptions.xml
[2012/03/07 03:43:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2012/03/07 03:42:58 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2012/03/07 03:33:20 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\sst2cl3.dll
[2012/02/20 04:02:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/04 08:10:57 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/11/04 08:10:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2011/11/04 08:10:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2011/11/04 08:10:57 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/11/04 08:10:35 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2011/11/04 08:10:35 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2011/11/04 08:10:35 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2011/11/04 08:09:52 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2011/09/20 14:49:45 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 05:37:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2011/07/11 05:37:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2011/07/11 05:37:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2010/10/31 04:20:16 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010/10/31 04:20:16 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010/10/31 04:20:16 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010/10/31 04:20:16 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010/10/31 04:20:16 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010/10/31 04:12:10 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010/10/31 03:01:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Lokale Einstellungen\Anwendungsdaten\FnF4.txt
[2010/10/29 10:14:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/10/29 09:59:54 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2010/10/29 09:38:37 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/10/29 09:38:34 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2010/10/29 09:26:56 | 000,119,965 | ---- | C] () -- C:\WINDOWS\cgmxp32.ini
[2010/10/28 11:27:51 | 000,015,123 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/10/28 11:07:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2010/10/28 11:07:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2010/10/28 11:07:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2010/10/28 10:54:58 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/10/28 10:50:30 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4973.dll
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/12 08:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 08:00:00 | 000,101,376 | ---- | C] () -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\cache.dat
[2006/04/26 08:54:16 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\inetwh32.dll
[2005/04/03 18:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2005/02/17 06:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 06:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/06 23:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2011/07/11 05:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator\Anwendungsdaten\Windows Desktop Search
[2013/06/18 01:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\BringMeSports_1c
[2013/07/21 07:15:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\Dropbox
[2011/07/27 07:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\ooVoo Details
[2012/12/04 13:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\OpenCandy
[2013/06/07 19:29:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\PriceGong
[2012/10/04 10:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\TeamViewer
[2010/10/29 09:58:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\Windows Desktop Search
[2011/03/07 09:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ghareha\Anwendungsdaten\Windows Search

========== Purity Check ==========

< End of report >
############### |