|
Plagegeister aller Art und deren Bekämpfung: Your Protection immer noch da?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.05.2010, 11:58 | #46 |
| Your Protection immer noch da?Code:
ATTFilter OTL Extras logfile created on: 06.05.2010 12:36:45 - Run 3 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\FreshOne\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 195,00 Mb Available Physical Memory | 38,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 91,47 Gb Total Space | 50,56 Gb Free Space | 55,28% Space Free | Partition Type: NTFS Drive D: | 91,89 Gb Total Space | 75,99 Gb Free Space | 82,70% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SEPPL Current User Name: FreshOne Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "12154:TCP" = 12154:TCP:*:Enabled:BitComet 12154 TCP "12154:UDP" = 12154:UDP:*:Enabled:BitComet 12154 UDP "21526:TCP" = 21526:TCP:*:Enabled:BitComet 21526 TCP "21526:UDP" = 21526:UDP:*:Enabled:BitComet 21526 UDP "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "12415:TCP" = 12415:TCP:*:Enabled:BitComet 12415 TCP "12415:UDP" = 12415:UDP:*:Enabled:BitComet 12415 UDP "58386:TCP" = 58386:TCP:*:Enabled:Pando Media Booster "58386:UDP" = 58386:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\ccapp.exe" = %windir%\system32\unst.exe:*:Enabled:System Process -- File not found "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0 "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3 "{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{572F2464-AB8F-4D1C-B934-FD133E6B7CA2}" = Philips GoGear Digital Audio Player "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69D598A7-A9C5-4396-8C92-39465FF2C874}" = Philips SPC530NC Webcam "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3 "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer "{DE54F85C-DB65-4691-B15D-1EF9149F0FD6}" = MangaBrowser for SHONEN JUMP 40th "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "55D5CDE7F2833CC4A2AAF96249CE79DDFC71E592" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (05/07/2008 1.0.5.12) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AOL Deinstallation" = AOL Deinstallation "AOLCoach de" = AOL Coach Version 1.0(Build:20040201.2 de) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) "CCleaner" = CCleaner "Defraggler" = Defraggler "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "F83654168F2669A249A823C6255ACB1405E1E04E" = Windows-Treiberpaket - Philips (SPC530) Image (05/21/2008 1.01.3.6650) "FA64675F2B582DB559A1BE34C9F1F0208D44A7FE" = Windows-Treiberpaket - Philips USB (05/21/2008 1.01.3.6650) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Studio_is1" = Free Studio version 4.2 "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold "Killzone 2 Screensaver" = Killzone 2 Screensaver "LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Philips Intelligent Agent_is1" = Philips Intelligent Agent "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGTK-2_is1" = GTK+ 2.10.13 runtime environment "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.04.2010 15:06:01 | Computer Name = SEPPL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.04.2010 15:12:28 | Computer Name = SEPPL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.04.2010 12:41:31 | Computer Name = SEPPL | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 01.05.2010 07:07:25 | Computer Name = SEPPL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.05.2010 11:01:31 | Computer Name = SEPPL | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 03.05.2010 06:03:06 | Computer Name = SEPPL | Source = Google Update | ID = 20 Description = Error - 03.05.2010 07:03:06 | Computer Name = SEPPL | Source = Google Update | ID = 20 Description = Error - 04.05.2010 16:36:01 | Computer Name = SEPPL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung javara.exe, Version 1.15.0.1745, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 04.05.2010 16:40:02 | Computer Name = SEPPL | Source = MsiInstaller | ID = 10005 Description = Produkt: Java(TM) 6 Update 7 -- Interner Fehler 2753. RegUtils Error - 04.05.2010 16:49:50 | Computer Name = SEPPL | Source = MsiInstaller | ID = 10005 Description = Produkt: Java(TM) 6 Update 7 -- Interner Fehler 2753. RegUtils [ System Events ] Error - 05.05.2010 07:15:08 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice vom CryproStorage-System. Error - 05.05.2010 07:15:08 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.05.2010 09:51:39 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice vom CryproStorage-System. Error - 05.05.2010 09:51:39 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.05.2010 15:18:44 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice vom CryproStorage-System. Error - 05.05.2010 15:18:44 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.05.2010 17:13:31 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice vom CryproStorage-System. Error - 05.05.2010 17:13:31 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 06.05.2010 04:46:34 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice vom CryproStorage-System. Error - 06.05.2010 04:46:34 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
06.05.2010, 12:02 | #47 |
| Your Protection immer noch da? Eset gibt mir keinen LOG ich habe es 1 Stunde und 50 Min durchlaufen lassen Ergebnis 0..Infiziertes.
__________________Brauchst du diesen Log unbedingt? Habe es 2 mal gemacht nichts im ESET ORDNER. Code:
ATTFilter OTL logfile created on: 06.05.2010 12:36:45 - Run 3 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\FreshOne\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 195,00 Mb Available Physical Memory | 38,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 91,47 Gb Total Space | 50,56 Gb Free Space | 55,28% Space Free | Partition Type: NTFS Drive D: | 91,89 Gb Total Space | 75,99 Gb Free Space | 82,70% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SEPPL Current User Name: FreshOne Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.05.03 17:17:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe PRC - [2010.04.03 19:30:43 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2007.07.18 16:52:26 | 000,070,144 | ---- | M] (AlcaTech) -- C:\WINDOWS\system32\mmrtkrnl.exe PRC - [2007.06.19 17:17:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007.01.22 17:22:38 | 000,118,784 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2006.11.03 10:56:14 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2004.10.07 17:53:06 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe PRC - [2003.08.27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe ========== Modules (SafeList) ========== MOD - [2010.05.03 17:17:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll ========== Win32 Services (SafeList) ========== SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.02.10 22:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.08.07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.01.22 17:22:38 | 000,118,784 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS) SRV - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2005.11.01 12:30:46 | 000,172,032 | ---- | M] (T-Systems International GmbH) [Disabled | Stopped] -- C:\Programme\T-Online\DSL-Manager\TODslSvc.exe -- (TODslService) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.08.27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) ========== Driver Services (SafeList) ========== DRV - [2010.04.11 16:36:12 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utm3otux.sys -- (utm3otux) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009.07.23 21:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.03 17:22:09 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.hs -- (LVUVC) Logitech QuickCam E3500(UVC) DRV - [2008.11.01 20:44:57 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2008.11.01 20:44:57 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008.10.30 14:41:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.10.07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.21 15:30:28 | 000,486,912 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC530.sys -- (SPC530) DRV - [2008.05.21 15:30:28 | 000,007,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC530m.sys -- (SPC530m) DRV - [2008.05.07 12:40:04 | 000,088,704 | R--- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phaudlwr.sys -- (phaudlwr) DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.18 16:52:38 | 000,094,528 | ---- | M] (AlcaTech) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL) DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007.03.29 17:33:54 | 000,134,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690) DRV - [2007.02.15 14:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2007.01.22 17:23:20 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2006.10.21 11:56:24 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006.07.20 15:20:09 | 000,027,219 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2006.07.20 15:20:02 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2006.07.19 05:37:26 | 000,324,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\eengine\eectrl.sys -- (eeCtrl) DRV - [2006.03.13 18:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2006.03.13 18:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2006.03.13 18:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2006.03.13 18:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2006.03.13 18:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005.02.11 19:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt) DRV - [2005.02.11 19:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2005.01.15 22:57:40 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2004.11.15 23:44:42 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004.11.15 23:44:38 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004.10.15 05:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb) DRV - [2004.09.10 20:02:12 | 000,412,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM) DRV - [2004.09.10 19:58:52 | 000,052,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM) DRV - [2004.03.01 17:03:34 | 000,016,896 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2003.01.10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2000.10.15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\DSL-Manager\Pcandis5.sys -- (PCANDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60441&qkw=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.16 11:06:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 22:48:26 | 000,000,000 | ---D | M] [2008.11.17 22:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Extensions [2010.05.05 23:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions [2009.09.03 16:12:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.24 11:43:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.05 23:35:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.09.07 13:13:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.05.04 22:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.11.11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2006.09.20 03:13:22 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll [2010.05.04 22:48:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.02.15 21:46:41 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2009.10.30 13:50:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.xml [2009.10.30 13:50:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.10.30 13:50:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.10.30 13:50:38 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.10.30 13:50:38 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.24 11:03:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [fssui] C:\Programme\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Realtime Audio Engine] C:\WINDOWS\System32\mmrtkrnl.exe (AlcaTech) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\FreshOne\Startmenü\Programme\Autostart\Ubisoft register.lnk = C:\Programme\Ubisoft\Register\schedule.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} hxxp://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\FreshOne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\FreshOne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.01.15 22:52:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.05 13:21:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.05.04 22:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.05.04 22:48:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.05.04 22:48:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.05.04 22:48:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.05.04 22:48:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.05.04 22:48:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.05.04 22:46:41 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\jre-6u20-windows-i586-iftw-rv.exe [2010.05.04 22:33:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Neuer Ordner [2010.05.04 22:05:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.04 22:05:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.04 22:05:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.04 22:03:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\mbam-setup.exe [2010.05.04 12:34:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\FreshOne\IECompatCache [2010.05.04 12:33:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\FreshOne\PrivacIE [2010.05.04 12:30:31 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\FreshOne\IETldCache [2010.05.04 12:27:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.05.04 12:25:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.04 12:21:10 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\IE8-WindowsXP-x86-DEU.exe [2010.05.03 22:27:21 | 000,000,000 | ---D | C] -- C:\_OTL [2010.05.03 17:17:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe [2010.05.01 19:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\InstallShield [2010.04.24 16:53:27 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Logs [2010.04.24 16:31:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\FreshOne\Recent [2010.04.24 11:21:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.04.24 10:42:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.04.24 10:40:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.04.24 10:40:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.04.24 10:40:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.04.24 10:40:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.04.23 13:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.04.23 13:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Avira [2010.04.22 14:28:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.04.22 14:21:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.04.22 14:21:05 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.04.22 14:21:05 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.04.22 14:21:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.04.22 14:21:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.04.22 14:21:05 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.04.22 14:21:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.04.17 19:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010.04.16 11:51:46 | 000,000,000 | ---D | C] -- C:\Programme\Jumi [2010.04.10 13:57:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.04.10 13:19:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.04.08 23:10:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Malwarebytes [2010.04.08 20:11:25 | 083,704,128 | ---- | C] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\a2FreeSetup27.exe [2010.04.08 19:17:43 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2010.04.08 18:20:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.08 16:51:17 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Anti Virus [2010.04.08 02:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2008.11.03 18:38:40 | 000,486,912 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SPC530.sys [2008.11.03 18:38:40 | 000,007,680 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SPC530m.sys [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.06 12:23:33 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.06 12:23:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.06 12:23:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.06 12:03:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.06 10:45:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.06 10:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.06 10:45:25 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2010.05.06 00:12:26 | 010,747,904 | -H-- | M] () -- C:\Dokumente und Einstellungen\FreshOne\NTUSER.DAT [2010.05.06 00:12:26 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\FreshOne\ntuser.ini [2010.05.05 23:23:40 | 001,702,089 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto022.jpg [2010.05.05 23:23:37 | 001,716,732 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto024.jpg [2010.05.05 23:22:21 | 001,946,140 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto004.jpg [2010.05.05 13:21:20 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\esetsmartinstaller_enu.exe [2010.05.04 22:48:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.05.04 22:48:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.05.04 22:48:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.05.04 22:48:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.05.04 22:48:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.05.04 22:46:41 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\jre-6u20-windows-i586-iftw-rv.exe [2010.05.04 22:05:28 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 22:03:40 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\mbam-setup.exe [2010.05.04 12:39:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.05.04 12:21:34 | 017,010,016 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\IE8-WindowsXP-x86-DEU.exe [2010.05.03 22:27:34 | 001,216,760 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.05.03 22:27:34 | 000,511,310 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.05.03 22:27:34 | 000,492,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.05.03 22:27:34 | 000,105,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.05.03 22:27:34 | 000,091,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.05.03 17:17:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe [2010.05.03 16:11:23 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.03 15:58:27 | 003,926,394 | R--- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\ComboFix.exe [2010.05.02 20:25:26 | 000,001,325 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Some Shit.lnk [2010.05.01 18:04:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.04.30 13:22:47 | 000,015,312 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.24 11:03:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.04.24 10:42:22 | 000,000,460 | RHS- | M] () -- C:\boot.ini [2010.04.23 14:45:43 | 000,001,470 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\wklnhst.dat [2010.04.22 13:49:46 | 000,054,624 | ---- | M] () -- C:\WINDOWS\System32\1c616.sys [2010.04.22 13:49:43 | 002,335,270 | ---- | M] () -- C:\WINDOWS\System32\b9915.mht [2010.04.11 16:36:12 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utm3otux.sys [2010.04.11 12:00:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.08 20:11:33 | 083,704,128 | ---- | M] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\a2FreeSetup27.exe [2010.04.08 19:12:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.08 17:06:46 | 000,001,081 | ---- | M] () -- C:\WINDOWS\win.ini [2010.04.08 17:06:46 | 000,000,389 | ---- | M] () -- C:\Boot.bak [2010.04.08 00:12:08 | 042,341,360 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\avira_antivir_personal10_de.exe [2010.04.06 17:58:35 | 000,001,378 | ---- | M] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Ardit´s Master Music VK.lnk [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.05 23:22:54 | 001,702,089 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto022.jpg [2010.05.05 23:22:51 | 001,716,732 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto024.jpg [2010.05.05 23:21:50 | 001,946,140 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Foto004.jpg [2010.05.05 13:21:17 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\esetsmartinstaller_enu.exe [2010.05.04 22:05:28 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 12:27:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.05.03 15:55:45 | 003,926,394 | R--- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\ComboFix.exe [2010.04.25 10:18:48 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\oodbs.lor [2010.04.24 23:08:15 | 000,001,582 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Mozilla Firefox.lnk [2010.04.24 10:42:22 | 000,000,389 | ---- | C] () -- C:\Boot.bak [2010.04.24 10:42:14 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.04.24 10:40:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.04.24 10:40:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.04.24 10:40:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.04.24 10:40:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.04.24 10:40:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.04.22 13:49:46 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\1c616.sys [2010.04.22 13:49:43 | 002,335,270 | ---- | C] () -- C:\WINDOWS\System32\b9915.mht [2010.04.10 16:11:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utm3otux.sys [2010.04.08 00:11:50 | 042,341,360 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Eigene Dateien\avira_antivir_personal10_de.exe [2010.04.06 18:17:29 | 000,001,325 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Some Shit.lnk [2010.04.06 17:56:56 | 000,001,378 | ---- | C] () -- C:\Dokumente und Einstellungen\FreshOne\Desktop\Ardit´s Master Music VK.lnk [2010.01.21 20:50:29 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI [2009.10.28 03:02:56 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI [2009.09.14 12:40:46 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll [2009.07.09 16:39:07 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2009.07.09 16:39:07 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2008.11.14 17:50:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2008.11.14 17:50:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2008.11.07 23:33:46 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008.10.30 14:10:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008.10.07 14:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.10.07 14:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.10.07 14:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.10.07 14:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.10.07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.03.29 17:23:21 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2008.03.08 19:27:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini [2008.02.08 19:40:29 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI [2008.02.08 19:38:20 | 000,058,776 | ---- | C] () -- C:\WINDOWS\System32\ijjiPlugin2.dll [2007.12.20 16:47:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.12.20 15:12:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll [2007.12.20 14:59:13 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini [2007.12.20 14:59:08 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll [2007.12.20 14:59:08 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll [2007.12.20 14:59:08 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll [2007.10.23 18:22:28 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.10.22 18:28:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007.10.22 18:28:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.08.26 16:44:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007.04.28 16:48:14 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2007.03.29 16:33:54 | 000,134,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys [2007.03.28 19:26:10 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll [2007.01.10 00:59:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2006.10.21 11:56:24 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2006.10.21 11:51:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006.10.21 11:51:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006.09.10 19:56:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Gnucleus.INI [2006.07.20 15:20:09 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys [2006.07.20 15:20:09 | 000,027,219 | ---- | C] () -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2006.07.06 13:01:43 | 000,002,278 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.07.05 13:49:17 | 000,000,391 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.04.27 10:24:24 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2006.02.25 17:29:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2005.12.21 18:50:11 | 000,000,784 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI [2005.12.04 18:55:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JCMkr32.INI [2005.11.17 18:29:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005.09.09 19:18:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2005.08.26 19:17:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini [2005.07.08 15:55:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI [2005.06.21 22:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll [2005.01.16 20:50:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.01.15 22:57:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2005.01.15 22:57:05 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.01.15 22:57:05 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2005.01.15 22:54:48 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.01.15 22:50:22 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003.12.31 15:25:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\ajnetmask.dll [2003.12.25 22:21:16 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:661DFA1C < End of report > |
06.05.2010, 14:06 | #48 |
/// Selecta Jahrusso | Your Protection immer noch da? Logfile ist sauber
__________________Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen Schritt 2 Combofix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 3 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den CleanUp Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 4 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 5 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 6 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ |
06.05.2010, 17:00 | #49 |
| Your Protection immer noch da? Okay habe nun alles gemacht Ich möchte mich bei dir herzlich bedanken das du dir Zeit genommen hast mein Problem zu lösen vielen vielen dank!!! Kannst es aus deinen Abos löschen. Mfg FastCore Trojaner-Board FTW!!!!!!!!!!!!!!! |
Themen zu Your Protection immer noch da? |
anti, anti malware, bytes, cleaner, error, fenster, forum, gelöscht, gen, gestoppt, hallo zusammen, hängt, maleware, malware, malware bytes, nicht mehr, norma, norman, programm, prozesse, scan, scannen, seite, seiten, tdss, tdsskiller, virus, zusammen |