Log Analysis and Evaluation: AV finds ftpsteal[1], frame[1] in folder content.ie5. They can't be removed! (Windows 7)
16.04.2010, 08:19 | #1

Hello! Since the day before yesterday Antivir has been finding 3 viruses after every boot, e.g. ftpsteal[1], frame[1] in the subfolder content.ie5. These can't be deleted or moved to quarantine with Antivir9. The warning comes right back. I had already read up beforehand and followed some tips, but nothing helped. I ran HijackThis and fixed the entries that I had picked up on the internet as malicious. The content.ie5 folder in various "temp or temporary internet files folders" could not be deleted normally. So I deleted all those folders manually in Safe Mode, which worked without problems. Antivir found nothing in the next scan. This morning, on booting, the error messages were back.

Here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:09, on 16.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.20861)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\Avira\AntiVir Desktop\sched.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Avira\AntiVir Desktop\avgnt.exe
E:\Programme\SyncroSoft\Pos\H2O\cledx.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
E:\Programme\Avira\AntiVir Desktop\avguard.exe
E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
E:\Programme\TeamViewer\Version5\TeamViewer.exe
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Internet Explorer\iexplore.exe
E:\WINDOWS\explorer.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\SYSTEM32\Userinit.exe,E:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [StartCCC] "E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [H2O] E:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-21-220523388-1637723038-1801674531-500\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - E:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - e:\windows\system32\mssrv32.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - E:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5338 bytes

Please help me, I'm an absolute beginner when it comes to viruses... I thought what I had done so far was pretty great... but unfortunately it didn't help...

Thanks, orry31!
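The HijackThis log above already carries the indicators an analyst would look at first: the F2 UserInit line loads sdra64.exe after Userinit.exe (Winlogon runs every comma-separated entry of that value at logon, which is a classic Zbot/Zeus persistence method), and the O23 entry for the "msupdate" service points to a binary that is reported missing. As an added example that is not part of the original thread, the Python script below runs those checks over HijackThis-style lines: it flags any UserInit entry other than userinit.exe, O4 Run entries that launch from a Temp directory, and O23 services whose file is missing. The embedded sample lines are constructed to mirror the posted log (only a subset of entries); the function and check names are mine.

```python
"""Triage a HijackThis-style log for common persistence indicators.

Added example, not part of the original thread. The sample lines below are
constructed to mirror the posted log; the check names are my own.
"""
import re

# Constructed sample in HijackThis format (subset of the entries posted above).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=E:\WINDOWS\SYSTEM32\Userinit.exe,E:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [avgnt] "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\yflw1scl.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - e:\windows\system32\mssrv32.exe (file missing)
"""

# A launch path that passes through a ...\Temp\ directory (also matches the 8.3 form LOKALE~1\Temp).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")


def _basename(path):
    """Lower-cased file name of a Windows path, surrounding quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def check_userinit(value):
    """Return every entry of a Winlogon UserInit value that is not userinit.exe.

    The value is a comma-separated list and Windows runs each entry at logon,
    so anything appended after userinit.exe (here sdra64.exe) runs in every session.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if _basename(e) != "userinit.exe"]


def triage(log_text):
    """Scan HijackThis lines and return findings as dicts with check/detail/line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("F2 ") and "UserInit=" in line:
            extra = check_userinit(line.split("UserInit=", 1)[1])
            if extra:
                findings.append({"check": "userinit_hijack", "detail": extra, "line": line})
        elif line.startswith("O4 "):
            m = O4_RE.match(line)
            if m and TEMP_DIR_RE.search(m.group("cmd")):
                # Legitimate autostarts live under Program Files or System32, not in Temp.
                findings.append({"check": "run_from_temp", "detail": m.group("cmd"), "line": line})
        elif line.startswith("O23 ") and line.lower().endswith("(file missing)"):
            # Orphaned service: the registry entry persists although the binary is gone.
            # rsplit from the right because the display name itself may contain " - ".
            parts = line.rsplit(" - ", 2)
            name_part = parts[0] if len(parts) == 3 else line
            display = name_part[len("O23 - Service: "):]
            short = SHORT_NAME_RE.search(display)
            findings.append({"check": "service_file_missing",
                             "detail": short.group(1) if short else display,
                             "line": line})
    return findings


def summarize(findings):
    """Count findings per check name."""
    counts = {}
    for f in findings:
        counts[f["check"]] = counts.get(f["check"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['check']}] {f['detail']}")
        print(f"    {f['line']}")
```

The three checks are deliberately narrow and cheap: a UserInit value with more than userinit.exe in it is almost never legitimate, a Run entry launching from Temp is a strong hint even when the file is already gone, and a service whose binary is missing is either leftover debris or a loader that has been deleted while its registration survived. On the real log the `Trojan.Ertfor` BHO and the SSODL entry would also need checking, which the MBAM and OTL output later in the thread cover.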
16.04.2010, 12:43 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please post the AntiVir log and run a full scan with Malwarebytes (post that log too). Then OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
16.04.2010, 17:26 | #3

I have another problem: when I try to let Antivir scan the system, it keeps finding new ones... and throws out warnings. The scan then stops. I can't finish it at all that way... new warnings keep coming!!! Help!
17.04.2010, 11:44 | #4

The Antivir scan didn't work... But here are the logs from Malwarebytes and OTL:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3999
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

17.04.2010 08:29:02
mbam-log-2010-04-17 (08-29-02).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 262602
Time elapsed: 51 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 11
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\teyky.dll (Trojan.Ertfor) -> No action taken.
e:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: e:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (E:\WINDOWS\SYSTEM32\Userinit.exe,E:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
E:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Files Infected:
E:\WINDOWS\system32\teyky.dll (Trojan.Ertfor) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\arapj.exe (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\dxzmeo.exe (Trojan.Ertfor) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\e975u6t5ylak.exe (Trojan.Clicker) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Npf.exe (Trojan.Fraudpack) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Npg.exe (Trojan.FraudPack.Gen) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\onsarewcmx.tmp (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\rknfl.exe (Trojan.Zbot) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtkA.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtkB.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk5.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk7.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk7E.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk8.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk80.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk82.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk9.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\vqvb.exe (Malware.Packer.Gen) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gtk29.tmp (Spyware.Passwords) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\gmfrxpgv.exe (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BQD85F1L\oriqbjdp[1].htm (Trojan.Agent) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K3LQA246\hypwhc[1].htm (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TGXUQ5WV\rvqxfn[1].htm (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RMZIMQXZ\grabber[1].exe (Spyware.Passwords) -> No action taken.
E:\Programme\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
E:\WINDOWS\services.exe (Trojan.Agent.Gen) -> No action taken.
E:\WINDOWS\system32\reader_s.exe (Trojan.Meredrop) -> No action taken.
E:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> No action taken.
E:\WINDOWS\system32\oobe\AntiWPA_Crypt.dll (Hacktool) -> No action taken.
E:\WINDOWS\system32\drivers\feahbqnf.sys (Rootkit.Agent) -> No action taken.
E:\WINDOWS\Temp\gtk4.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\gtk6.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\gtk7D.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\gtk7F.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\gtk8.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\gtkF0.tmp (Spyware.Passwords) -> No action taken.
E:\WINDOWS\Temp\BN3.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\BN4.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\BN5.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\BN79.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\BN7A.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\E1.tmp (Trojan.Agent) -> No action taken.
E:\WINDOWS\Temp\BN2.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\Temp\6FA.tmp (Trojan.Dropper) -> No action taken.
E:\WINDOWS\Temp\A5.tmp (Trojan.Agent) -> No action taken.
E:\WINDOWS\Temp\BN1.tmp (Trojan.Sasfis) -> No action taken.
E:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
E:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
E:\Dokumente und Einstellungen\All Users\Favoriten\_favdata.dat (Malware.Trace) -> No action taken.
E:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
E:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
E:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
E:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.

OTL logfile created on: 17.04.2010 12:23:01 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = E:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): e:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 292,97 Gb Total Space | 3,18 Gb Free Space | 1,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 405,66 Gb Total Space | 199,75 Gb Free Space | 49,24% Space Free | Partition Type: NTFS
Drive F: | 3,75 Gb Total Space | 3,75 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JHJ
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - E:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

========== Modules (SafeList) ==========
MOD - E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========
SRV - (msupdate) -- File not found
SRV - (SSHNAS) -- E:\WINDOWS\system32\sshnas21.dll ()
SRV - (TeamViewer5) -- E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.Defrag) -- E:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- E:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Adobe LM Service) -- E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AAV UpdateService) -- E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (ACDaemon) -- E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (mi-raysat_3dsMax2009_32) -- E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (UxTuneUp) -- E:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NMIndexingService) -- E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- E:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LgBttPort) -- E:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- E:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- E:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (Lbd) -- E:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FlashUSB) -- E:\WINDOWS\system32\drivers\flashusb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Haspnt) -- E:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (USBModem) -- E:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- E:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- E:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (drmkaud) -- E:\WINDOWS\system32\drivers\drmkaud.sys.bak (Microsoft Corporation)
DRV - (Aspi32) -- E:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtiHdmiService) -- E:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AN983) -- E:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (hardlock) -- E:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (SynasUSB) -- E:\WINDOWS\system32\drivers\synasusb.sys (SIA Syncrosoft)
DRV - (CLEDX) -- E:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (Sentinel) -- E:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- E:\WINDOWS\system32\drivers\sntnlusb.sys (Rainbow Technologies Inc.)
DRV - (DS1410D) -- E:\WINDOWS\system32\drivers\ds1410d.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "search for firefox"
FF - prefs.js..browser.search.order.1: "search for firefox"
FF - prefs.js..browser.search.selectedEngine: "search for firefox"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "search for firefox"
FF - user.js..browser.search.order.1: "search for firefox"
FF - user.js..browser.search.defaultenginename: "search for firefox"
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Programme\Mozilla Firefox\components [2010.04.01 07:47:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2010.04.01 07:45:47 | 000,000,000 | ---D | M]

[2008.11.08 03:47:56 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.04.15 18:15:13 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\nwu78cd5.default\extensions
[2010.04.01 07:48:02 | 000,000,000 | ---D | M] -- E:\Programme\Mozilla Firefox\extensions
[2008.12.21 03:42:03 | 000,001,392 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.12.21 03:42:03 | 000,002,344 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.12.21 03:42:03 | 000,006,805 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008.12.21 03:42:03 | 000,000,986 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.04 09:15:15 | 000,000,152 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\wsm.src
[2008.12.21 03:42:03 | 000,000,801 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (E:\WINDOWS\system32\teyky.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - E:\WINDOWS\system32\teyky.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - E:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] E:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\yflw1scl.exe File not found
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\notepad.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Nph.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/2/2/0/220618B3-3606-4E70-B625-231BF31E1085/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\sdra64.exe) - E:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: GootkitSSO - {0A60B04E-3F59-45CC-8A74-8F04DF4E743D} - E:\WINDOWS\system32\msxsltsso.dll ()
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - E:\WINDOWS\system32\teyky.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2008.11.08 01:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{05b4fa58-0e6d-11df-bf4f-0021859955df}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell - "" = AutoRun
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.17 12:22:01 | 000,561,664 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.04.17 02:09:39 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.04.17 02:09:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.17 02:09:30 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.17 02:09:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.04.17 02:09:29 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware
[2010.04.17 02:07:55 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- E:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.45.exe
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Programme\Conduit
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Dokumente und
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.04.15 18:03:30 | 000,000,000 | ---D | C] -- E:\Programme\softonic-de3
[2010.04.15 18:03:23 | 000,000,000 | ---D | C] -- E:\Programme\Trend Micro
[2010.04.13 20:47:46 | 000,182,912 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ndis.sys
[2010.04.13 20:30:18 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.13 08:45:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.04.12 19:59:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acoustica Premium
[2010.04.11 20:10:45 | 000,000,000 | -HSD | C] -- E:\WINDOWS\System32\lowsec
[2010.04.11 20:10:40 | 000,000,000 | ---D | C] -- E:\spoolerlogs
[2010.04.11 19:40:45 | 000,348,160 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\msvcr71.dll
[2010.04.08 19:59:48 | 000,000,000 | ---D | C] -- E:\Programme\Digidesign
[2010.04.08 19:59:47 | 000,000,000 | ---D | C] -- E:\Programme\Antares
[2010.04.08 19:57:44 | 000,000,000 | ---D | C] -- E:\Programme\Antares Audio Technologies
[2010.04.08 19:56:12 | 000,000,000 | ---D | C] -- E:\Programme\Voxengo
[2010.04.08 19:53:45 | 000,000,000 | ---D | C] -- E:\Programme\Vstplugins
[2010.04.05 14:26:37 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\pdf24
[2010.04.04 11:12:51 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Steuer 2009
[2010.04.02 18:04:41 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Jan 2008
[2010.04.02 14:09:05 | 003,833,856 | ---- | C] (Amyuni Technologies hxxp://www.amyuni.com) -- E:\WINDOWS\System32\cdintf300.dll
[2010.03.30 19:16:23 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Bandprojekte
[2010.03.29 17:30:10 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Telefon
[2010.03.27 16:21:40 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.03.27 16:21:31 | 000,000,000 | ---D | C] -- E:\Programme\TeamViewer
[2009.08.15 00:39:09 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2008.11.28 12:16:02 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2008.11.08 16:45:25 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2008.11.08 01:13:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.08 01:08:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.08 01:08:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- E:\WINDOWS\System32\drvc.dll
[3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[172 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.17 12:23:44 | 000,823,808 | ---- | M] () -- E:\WINDOWS\System32\drivers\feahbqnf.sys
[2010.04.17 12:21:38 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.17 12:21:38 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.04.17 12:21:38 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.04.17 12:21:38 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.04.17 12:21:36 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.04.17 12:20:46 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.04.17 12:20:39 | 000,002,048 | --S- |
M] () -- E:\WINDOWS\bootstat.dat
[2010.04.17 12:16:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.04.17 12:10:59 | 011,856,006 | -H-- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.17 12:02:52 | 000,042,496 | ---- | M] () -- E:\WINDOWS\System32\msxsltsso.dll
[2010.04.17 08:29:40 | 007,602,176 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.04.17 08:05:00 | 000,000,304 | -H-- | M] () -- E:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.17 08:00:00 | 000,000,508 | ---- | M] () -- E:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.04.17 08:00:00 | 000,000,262 | -H-- | M] () -- E:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.17 02:09:33 | 000,000,679 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.17 02:09:09 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- E:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.45.exe
[2010.04.16 13:42:04 | 000,020,000 | ---- | M] () -- E:\WINDOWS\System32\teyky.dll
[2010.04.16 11:16:26 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.15 19:36:14 | 000,000,190 | -HS- | M] () -- E:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.04.15 18:59:06 | 000,461,912 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2010.04.15 18:59:06 | 000,443,588 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010.04.15 18:59:06 | 000,085,510 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2010.04.15 18:59:06 | 000,071,846 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010.04.15 18:59:05 | 001,070,434 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.15 18:03:23 | 000,001,701 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.04.15 17:56:15 | 000,066,192 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\Malware-Entfernung.pdf
[2010.04.15 17:45:45 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010.04.13 21:15:05 | 000,210,944 | ---- | M] () -- E:\WINDOWS\System32\sshnas21.dll
[2010.04.13 20:47:46 | 000,182,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ndis.sys
[2010.04.13 20:44:23 | 000,050,688 | ---- | M] () -- E:\WINDOWS\services.exe
[2010.04.13 20:44:23 | 000,026,624 | ---- | M] () -- E:\WINDOWS\System32\reader_s.exe
[2010.04.12 20:28:27 | 000,219,648 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 19:44:52 | 000,000,678 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Mixcraft 4.lnk
[2010.04.08 20:10:38 | 000,000,155 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010.04.08 20:09:53 | 000,105,728 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.08 20:02:41 | 000,457,248 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.05 14:28:45 | 000,000,468 | ---- | M] () -- E:\WINDOWS\wiso.ini
[2010.04.03 21:18:25 | 000,001,937 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Steuer-Spar-Erklärung 2010.lnk
[2010.04.02 14:09:24 | 000,001,649 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\WISO EÜR & Kasse 2009.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 17:33:58 | 002,071,228 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.07.3gp
[2010.03.29 17:33:31 | 011,739,191 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.43.3gp
[2010.03.27 16:21:37 |
000,000,872 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 5.lnk [2010.03.26 18:54:00 | 003,524,849 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map Kopie.jpg [2010.03.26 18:53:42 | 018,447,701 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map.psd [2010.03.26 18:47:20 | 000,003,047 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\push-pin-red.gif [3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] [172 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.17 02:09:33 | 000,000,679 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.16 13:42:40 | 000,823,808 | ---- | C] () -- E:\WINDOWS\System32\drivers\feahbqnf.sys [2010.04.16 13:42:04 | 000,020,000 | ---- | C] () -- E:\WINDOWS\System32\teyky.dll [2010.04.16 07:41:54 | 000,000,000 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\raw_a.txt [2010.04.15 18:03:23 | 000,001,701 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk [2010.04.15 17:56:15 | 000,066,192 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\Malware-Entfernung.pdf [2010.04.13 23:34:13 | 000,042,496 | ---- | C] () -- E:\WINDOWS\System32\msxsltsso.dll [2010.04.13 21:15:08 | 000,000,304 | -H-- | C] () -- E:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.04.13 21:15:07 | 000,000,262 | -H-- | C] () -- E:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.04.13 21:15:05 | 000,210,944 | ---- | C] () -- E:\WINDOWS\System32\sshnas21.dll [2010.04.13 20:50:05 | 000,050,688 | ---- | C] () -- E:\WINDOWS\services.exe [2010.04.13 20:44:23 | 000,026,624 | ---- | C] () -- E:\WINDOWS\System32\reader_s.exe [2010.04.02 14:09:24 | 000,001,649 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\WISO EÜR & 
Kasse 2009.lnk [2010.03.29 17:33:31 | 002,071,228 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.07.3gp [2010.03.29 17:31:00 | 011,739,191 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.43.3gp [2010.03.27 16:21:37 | 000,000,872 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 5.lnk [2010.03.26 18:53:57 | 003,524,849 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map Kopie.jpg [2010.03.26 18:47:20 | 000,003,047 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\push-pin-red.gif [2010.03.26 18:41:27 | 018,447,701 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map.psd [2010.03.13 03:50:14 | 000,442,540 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\CCCInstall_201003130250148125.log [2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll [2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll [2009.12.04 16:24:37 | 000,000,100 | ---- | C] () -- E:\WINDOWS\System32\prsgrc.dll [2009.12.04 16:22:19 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\sysprs7.dll [2009.12.04 16:22:19 | 000,000,205 | ---- | C] () -- E:\WINDOWS\System32\lsprst7.dll [2009.11.25 18:54:48 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll [2009.11.25 18:54:48 | 000,002,412 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini [2009.11.13 16:57:26 | 000,221,291 | ---- | C] () -- E:\WINDOWS\Imei_dll.dll [2009.11.13 16:57:26 | 000,040,960 | ---- | C] () -- E:\WINDOWS\Sublock.dll [2009.09.01 13:12:23 | 000,000,235 | ---- | C] () -- E:\WINDOWS\BUHL.INI [2009.08.22 15:09:59 | 000,722,416 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys [2009.03.21 22:04:43 | 000,020,992 | ---- | C] () -- E:\WINDOWS\jestertb.dll [2009.02.13 13:06:57 | 000,000,074 | ---- | C] () -- E:\WINDOWS\tm.ini [2008.12.19 16:15:58 | 
004,338,246 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- E:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- E:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll [2008.12.15 11:59:46 | 000,000,468 | ---- | C] () -- E:\WINDOWS\wiso.ini [2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest [2008.11.23 02:40:08 | 000,000,383 | ---- | C] () -- E:\WINDOWS\System32\haspdos.sys [2008.11.23 02:40:03 | 000,007,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\ds1410d.sys [2008.11.09 03:29:06 | 000,000,183 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\default.pls [2008.11.08 22:55:54 | 000,035,328 | ---- | C] () -- E:\WINDOWS\System32\SYNSOACC.dll [2008.11.08 14:01:30 | 000,000,155 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini [2008.11.08 11:47:35 | 000,006,642 | ---- | C] () -- E:\WINDOWS\mgxoschk.ini [2008.11.08 11:21:08 | 000,219,648 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.08 01:17:39 | 000,000,190 | -HS- | C] () -- E:\Dokumente und Einstellungen\Administrator\ntuser.ini [2008.11.08 01:17:38 | 000,323,584 | -H-- | C] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT.LOG [2008.11.08 01:17:38 | 000,000,394 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\MSIe59f3.LOG [2008.11.08 01:17:37 | 007,602,176 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2008.11.08 01:13:07 | 000,212,384 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2008.11.08 01:05:07 | 000,059,904 
| ---- | C] () -- E:\WINDOWS\System32\zlib1.dll [2008.11.08 01:05:00 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\libpng13.dll [2008.11.08 01:04:58 | 000,394,752 | ---- | C] () -- E:\WINDOWS\System32\cygwinb19.dll [2008.09.14 18:19:35 | 000,000,182 | ---- | C] () -- E:\WINDOWS\System32\AiO-Auswahl.ini [2008.09.14 18:19:11 | 001,800,192 | ---- | C] () -- E:\WINDOWS\System32\hmtcdres.dll [2008.09.14 18:19:10 | 000,394,240 | ---- | C] () -- E:\WINDOWS\System32\hmtcd.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll [2005.04.04 14:52:42 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll [2005.04.04 14:35:24 | 000,745,472 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- E:\WINDOWS\System32\ff_mpeg2enc.dll < End of report > OTL Extras logfile created on: 17.04.2010 12:23:01 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = E:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb 
Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): e:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme Drive C: | 292,97 Gb Total Space | 3,18 Gb Free Space | 1,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 405,66 Gb Total Space | 199,75 Gb Free Space | 49,24% Space Free | Partition Type: NTFS Drive F: | 3,75 Gb Total Space | 3,75 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JHJ Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "E:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 "UACDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E494A7-F504-DA41-3079-9E2FB36736BC}" = CCC Help English
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04A94422-A264-81D4-D65E-87276F5B402D}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{0B56244C-7B61-0407-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max 2009 32-bit "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0E73A14F-23FD-E1B8-ED38-108ECFA08440}" = Catalyst Control Center Localization Portuguese "{14BC810B-5907-B9C3-B2F4-12D5EEA253F4}" = Catalyst Control Center Graphics Previews Common "{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23655B51-F898-DC12-A2A1-3348D875F659}" = CCC Help Czech "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{25611B0A-54C2-69B9-723D-668201C22CD4}" = ccc-core-static "{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility "{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus "{27F38AC0-298C-F7E2-F3AE-F7D12BBBE9D5}" = CCC Help Chinese Traditional "{299A33DF-313A-4C38-9610-71FDA80D5E02}" = WISO EÜR & Kasse 2009 "{2AB45FAF-2D92-0407-8D33-E2FE6172280E}" = Autodesk 3ds Max 2009 32-bit ProMaterials™ Library "{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light "{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy "{305D5417-E687-0407-AA09-53DE06E059F8}" = Autodesk 3ds Max 2009 32-Bit Filme "{30B695C3-C7B0-69E1-197B-409587BC1FD7}" = CCC Help Norwegian "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399B10AC-4E84-20F8-5913-82526B16F561}" = Catalyst Control Center Graphics Light "{3C400DF4-90E0-412C-843A-F5424402662F}" = DJBCP 
Codec Pack "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Betaversion) "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3EC34F85-AF61-5B18-42D6-306B6B80E92E}" = Catalyst Control Center Localization Swedish "{4B494547-1410-C77E-B6F0-86F394ABAF94}" = CCC Help Hungarian "{4D7E8B72-AEA2-8493-F5F3-DA10E2EE2D22}" = Catalyst Control Center Localization Chinese Traditional "{54E4B63C-D252-454C-BE4F-468F102B331C}" = Adobe Shockwave Player "{55663DF0-3559-AE1E-0B9E-ED5353914B5D}" = CCC Help Japanese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{59F83B00-970D-511C-D9DE-52B233780020}" = CCC Help Portuguese "{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5 "{64ACFE24-FB82-84A6-9FB8-B90539752E5B}" = Catalyst Control Center Localization German "{68DD4EAE-C5E4-1E34-F991-B99ABA6DC8E3}" = Catalyst Control Center Graphics Full New "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{695AC39F-5553-48DF-8E94-7CB22343843C}" = WISO EÜR & Kasse 2008 "{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{744A5C19-AA4C-0407-BC07-9F4C73C8B247}" = Autodesk 3ds Max 2009 32-Bit Vault 2009 Plug-In "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F4C1C17-C647-3CE0-4426-F368132A66A6}" = CCC Help Turkish "{81946C2A-5269-A6F5-4566-A9F253007A7E}" = Catalyst Control Center Localization Turkish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" 
= ccc-core-preinstall "{8615E5FC-8906-AACF-5A1A-FB65046F647B}" = CCC Help Swedish "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8959A774-3FB3-B315-ACDF-4B7B70F5A169}" = Catalyst Control Center Core Implementation "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{906B417C-6F6C-2A5A-DB5E-5C7499941C58}" = CCC 
Help Spanish "{93CB830F-517E-1695-C61B-2A1AA105CD78}" = Catalyst Control Center Localization French "{95DCA618-9717-BBD3-B438-A5A9B1EB30C8}" = CCC Help German "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{984880C1-7AC7-5267-A7D9-AEC19C932950}" = Catalyst Control Center Graphics Full Existing "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3F8688-4F15-B77D-73A1-B0363517D1B1}" = Catalyst Control Center Localization Danish "{9B1BFDE6-3B65-FB41-BC54-353227EE742A}" = CCC Help Italian "{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager "{9EDBB857-8028-49CD-B9C9-0B4D10CD1031}" = Nero 8 "{A0793FD9-9505-BF02-FF47-83C984DC814B}" = Catalyst Control Center Localization Chinese Standard "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A32A0DF0-6650-6503-293D-64AAF212CBF8}" = Catalyst Control Center Localization Japanese "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A44D0AC2-0891-5AB9-EE23-3EF3339BC2FE}" = Catalyst Control Center Localization Russian "{A54BEBF5-D7F9-2B34-6475-FB07780C80CA}" = Catalyst Control Center Localization Polish "{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}" = Steinberg Cubase Studio 4 "{A8280D9A-D6A4-1E52-E85F-99E3BB19CEEA}" = Catalyst Control Center Localization Czech "{A960DA53-C5C4-37A4-3671-C0236BF41E99}" = CCC Help Chinese Standard "{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{B0D2BC40-119B-AD18-E697-E6073DD6D149}" = ccc-utility "{B13A7C41581B411290FBC0395694E2A9}" = 
DivX Converter
"{B2C78A98-20EA-D90A-69E3-B15587D51588}" = CCC Help Thai
"{B59DA9F5-3630-FFF1-C47C-B2CA172CF876}" = CCC Help Polish
"{B84AE471-81DD-D81F-CD20-B3464877E525}" = Skins
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BBFEA1AF-ECCE-1114-2EC8-AC304AB6B753}" = Catalyst Control Center Localization Hungarian
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C251E4E6-89BA-0407-9B42-1B3D01D34783}" = Autodesk 3ds Max 2009 32-bit Architectural Materials Library
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C397AE7E-CFA4-9D60-880D-D0BA7CF3F596}" = CCC Help Finnish
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D20100AC-608D-1A4C-372E-75009E7C168E}" = CCC Help Danish
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D801FEB6-53DF-CE1C-67E2-A977E43A7E8F}" = CCC Help Russian
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{DAA29BAD-1C06-E8E0-CFE6-557F818C7AF7}" = CCC Help Dutch
"{DB7EBA4A-44AF-DF22-EBA7-6BF4E011E319}" = CCC Help French
"{DBB18C43-FE45-36DF-D171-E209B79A76F3}" = Catalyst Control Center Localization Dutch
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E1BCF465-85F4-C303-944E-9E416977C560}" = CCC Help Korean
"{E3AEC354-AD4C-51D3-E345-CEE6CA8A9C3A}" = Catalyst Control Center Localization Greek
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA024A36-5934-05B8-550B-60DA131B90C4}" = CCC Help Greek
"{EE5AC826-8731-6406-9947-D0420143A7BD}" = ccc-core-preinstall
"{EEB193CE-2B04-B568-29FF-FAFA34BB3F19}" = Catalyst Control Center Localization Spanish
"{EF0A8C24-E239-45D5-492D-D5895518ACB3}" = Catalyst Control Center Localization Thai
"{EFCBBB01-F876-0407-B91F-7B6132E8BB64}" = Autodesk 3ds Max 2009 32-Bit Vault 2008 Plug-In
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F681200C-0446-0407-ABE4-EA9105E40EE4}" = Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries
"{F88183B1-BD65-F87C-855F-BB7D1AA3AEA2}" = Catalyst Control Center Localization Norwegian
"{FC70949F-1417-A3F5-8E84-EBF5ACB93B58}" = Catalyst Control Center Localization Korean
"{FDD8070F-E3B9-0407-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-Bit
"{FE22679C-7CE4-8633-CE7F-8122B52C52CF}" = Catalyst Control Center Localization Finnish
"{FF2F40DA-E579-4B3B-9CD5-B6884E42F062}" = EÜR & Kasse 2007
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.1
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Antares AVOX Bundle VST RTAS_is1" = Antares AVOX Bundle VST RTAS v1.1.3
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"Antares Kantos v1.02 VST & RTAS" = Antares Kantos v1.02 VST & RTAS
"Antares Microphone Modeler 1.02 DirectX" = Antares Microphone Modeler 1.02 DirectX
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.03
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Impulse Modeler" = Impulse Modeler 1.9
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"JDownloader" = JDownloader
"JVA Multi-Purpose Bot_is1" = JVA Bot 1.15.6
"M928366" = 
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 e-version D" = MAGIX Video deluxe 2007 e-version 6.5.0.24 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.5.3
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Rainbow Sentinel Driver" = Sentinel System Driver
"Runtimes" = Allgemeine Runtime Dateien
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Tiffen Dfx v1.0 for Photoshop (Team V.R Private Edition)" = Tiffen Dfx v1.0 for Photoshop (Team V.R Private Edition)
"Uninstall_is1" = Uninstall 1.0.0.1
"Wings 3D 0.99.04a" = Wings 3D 0.99.04a
"WinRAR archiver" = WinRAR
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"XP Codec Pack" = XP Codec Pack
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.9

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 16.04.2010 01:41:04 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 16.04.2010 03:46:02 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{80EE4901-33A8-11D1-A213-0080C88593A5}" did not register with DCOM within the required timeout.

Error - 16.04.2010 04:14:58 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{80EE4901-33A8-11D1-A213-0080C88593A5}" did not register with DCOM within the required timeout.

Error - 16.04.2010 04:21:55 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{80EE4901-33A8-11D1-A213-0080C88593A5}" did not register with DCOM within the required timeout.

Error - 16.04.2010 04:34:35 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{80EE4901-33A8-11D1-A213-0080C88593A5}" did not register with DCOM within the required timeout.

Error - 16.04.2010 19:50:00 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 17.04.2010 06:02:51 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 17.04.2010 06:09:35 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{BA126AE5-2166-11D1-B1D0-00805FC1270E}" did not register with DCOM within the required timeout.

Error - 17.04.2010 06:15:07 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = The server "{BA126AD1-2166-11D1-B1D0-00805FC1270E}" did not register with DCOM within the required timeout.

Error - 17.04.2010 06:20:56 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

< End of report >

Phew... I hope you can help... the PC is also getting slower and slower now... |
18.04.2010, 10:26 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AV finds ftpsteal[1], frame[1] in folder content.ie5. Can't be removed!
Did you remove the detections with Malwarebytes?? If not, please do that and post a new OTL log!
__________________
Please always post logfiles in CODE tags |
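An added check, not part of this thread: when reading the logs posted in the next reply, the two things to verify are (a) whether the file Malwarebytes could only mark "Delete on reboot" (E:\WINDOWS\system32\msxsltsso.dll) shows up again in the OTL file lists with a creation time later than the scan, which would mean something still on the system re-drops it, and (b) whether any ShellServiceObjectDelayLoad (OTL "O21 - SSODL") entry points at a DLL for which OTL prints an empty company field. The Python script below is example code written for this page, not OTL, Malwarebytes or trojaner-board code; the sample lines are copied from the logs in this thread, and the function names, regular expressions and the "re-created after scan" rule are this example's own assumptions about those two tools' line layouts.

```python
"""Correlate a Malwarebytes log with an OTL log to spot persistence that survives a cleanup.

Added example written for this page; it is not OTL, Malwarebytes or trojaner-board code.
The sample lines below are copied from the logs posted in this thread; everything else
(function names, the regular expressions, the 're-created after scan' rule) is this
example's own and assumes the line layouts seen in those logs.
"""
import re
from datetime import datetime

# Constructed sample input: a few lines from the Malwarebytes 1.45 log in the thread.
MBAM_LOG = r"""18.04.2010 23:41:58
mbam-log-2010-04-18 (23-41-58).txt
E:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
"""

# Constructed sample input: a few lines from the OTL log posted after that scan.
OTL_LOG = r"""O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O21 - SSODL: GootkitSSO - {8673AC92-E99F-4D04-9A3F-A129BC6EC8A0} - E:\WINDOWS\system32\msxsltsso.dll ()
[2010.04.18 23:43:50 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.04.18 23:44:06 | 000,042,496 | ---- | C] () -- E:\WINDOWS\System32\msxsltsso.dll
[2010.04.18 19:59:29 | 000,000,470 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.18 21:14:24 | 000,562,176 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
"""

MBAM_TIME_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$")
MBAM_DEFERRED_RE = re.compile(r"^(.+?) \([^()]+\) -> Delete on reboot\.$")
OTL_SSODL_RE = re.compile(r"^O21 - SSODL: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+?) \(([^)]*)\)$")
# OTL file-list layout assumed here: [date time | size | attrs | C or M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] \(([^)]*)\) -- (.+)$"
)


def mbam_scan_time(log):
    """Return the timestamp Malwarebytes wrote into its log (the log's own time line)."""
    for line in log.splitlines():
        m = MBAM_TIME_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
    raise ValueError("no timestamp line in Malwarebytes log")


def mbam_deferred_deletions(log):
    """Paths Malwarebytes could not remove immediately and scheduled for deletion at reboot."""
    paths = []
    for line in log.splitlines():
        m = MBAM_DEFERRED_RE.match(line.strip())
        if m:
            paths.append(m.group(1))
    return paths


def otl_ssodl_entries(log):
    """(name, clsid, path, company) for every 'O21 - SSODL' line in an OTL log."""
    return [m.groups() for m in (OTL_SSODL_RE.match(l.strip()) for l in log.splitlines()) if m]


def suspicious_ssodl(log):
    """SSODL entries whose DLL carries no company/version information (OTL prints '()')."""
    return [e for e in otl_ssodl_entries(log) if e[3].strip() == ""]


def otl_file_entries(log):
    """(timestamp, size, attrs, kind, company, path) for every OTL file-list line."""
    out = []
    for line in log.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            size = int(m.group(2).replace(",", ""))
            out.append((ts, size, m.group(3), m.group(4), m.group(5), m.group(6)))
    return out


def recreated_after_scan(mbam_log, otl_log):
    """Files Malwarebytes deferred for deletion that OTL shows created again after the scan.

    Returns (path as OTL printed it, creation time). The comparison is case-insensitive
    because the two tools print the same directory as 'system32' and 'System32'.
    """
    scan_time = mbam_scan_time(mbam_log)
    deferred = {p.lower() for p in mbam_deferred_deletions(mbam_log)}
    hits = []
    for ts, _size, _attrs, kind, _company, path in otl_file_entries(otl_log):
        if kind == "C" and path.lower() in deferred and ts > scan_time:
            hits.append((path, ts))
    return hits


if __name__ == "__main__":
    for name, clsid, path, _company in suspicious_ssodl(OTL_LOG):
        print(f"SSODL entry without company info: {name} {clsid} -> {path}")
    for path, ts in recreated_after_scan(MBAM_LOG, OTL_LOG):
        print(f"{path} re-created at {ts:%d.%m.%Y %H:%M:%S}, after the scan: removal is incomplete")
```

Run against the real logs the script reports the GootkitSSO entry and the re-creation of msxsltsso.dll at 23:44:06, after the reboot that the bootstat.dat timestamp (23:43:50) shows; a scheduled "Delete on reboot" that is followed by a fresh copy a few seconds later is the signal that the dropper, not just the payload, still has to be found.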
18.04.2010, 22:50 | #6 |
| AV finds ftpsteal[1], frame[1] in folder content.ie5. Can't be removed!
Hello! I have now run Malwarebytes and let it fix the findings. Here is the log and the two OTL logs from after that...

malwarebytes:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3999
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

18.04.2010 23:41:58
mbam-log-2010-04-18 (23-41-58).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 267123
Time elapsed: 49 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
OTL:
OTL logfile created on: 18.04.2010 23:45:32 - Run 1
OTL by OldTimer - Version 3.2.1.2   Folder = E:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): e:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 292,97 Gb Total Space | 3,18 Gb Free Space | 1,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 405,66 Gb Total Space | 199,70 Gb Free Space | 49,23% Space Free | Partition Type: NTFS
Drive F: | 3,75 Gb Total Space | 3,75 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JHJ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - E:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

========== Modules (SafeList) ==========

MOD - E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- E:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.Defrag) -- E:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- E:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Adobe LM Service) -- E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AAV UpdateService) -- E:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (ACDaemon) -- E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (mi-raysat_3dsMax2009_32) -- E:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (UxTuneUp) -- E:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NMIndexingService) -- E:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- E:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LgBttPort) -- E:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- E:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- E:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (Lbd) -- E:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FlashUSB) -- E:\WINDOWS\system32\drivers\flashusb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Haspnt) -- E:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (USBModem) -- E:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- E:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- E:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (drmkaud) -- E:\WINDOWS\system32\drivers\drmkaud.sys.bak (Microsoft Corporation)
DRV - (Aspi32) -- E:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtiHdmiService) -- E:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AN983) -- E:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (hardlock) -- E:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (SynasUSB) -- E:\WINDOWS\system32\drivers\synasusb.sys (SIA Syncrosoft)
DRV - (CLEDX) -- E:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (Sentinel) -- E:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- E:\WINDOWS\system32\drivers\sntnlusb.sys (Rainbow Technologies Inc.)
DRV - (DS1410D) -- E:\WINDOWS\system32\drivers\ds1410d.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "search for firefox"
FF - prefs.js..browser.search.order.1: "search for firefox"
FF - prefs.js..browser.search.selectedEngine: "search for firefox"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "search for firefox"
FF - user.js..browser.search.order.1: "search for firefox"
FF - user.js..browser.search.defaultenginename: "search for firefox"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Programme\Mozilla Firefox\components [2010.04.01 07:47:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2010.04.01 07:45:47 | 000,000,000 | ---D | M]

[2008.11.08 03:47:56 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.04.15 18:15:13 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\nwu78cd5.default\extensions
[2010.04.01 07:48:02 | 000,000,000 | ---D | M] -- E:\Programme\Mozilla Firefox\extensions
[2008.12.21 03:42:03 | 000,001,392 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.12.21 03:42:03 | 000,002,344 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.12.21 03:42:03 | 000,006,805 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008.12.21 03:42:03 | 000,000,986 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.04 09:15:15 | 000,000,152 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\wsm.src
[2008.12.21 03:42:03 | 000,000,801 | ---- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - E:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] E:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/2/2/0/220618B3-3606-4E70-B625-231BF31E1085/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: GootkitSSO - {8673AC92-E99F-4D04-9A3F-A129BC6EC8A0} - E:\WINDOWS\system32\msxsltsso.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2008.11.08 01:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{05b4fa58-0e6d-11df-bf4f-0021859955df}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell - "" = AutoRun
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c47d9ce1-cc75-11de-bef1-0021859955df}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.18 21:14:24 | 000,562,176 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.04.17 02:09:39 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.04.17 02:09:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.17 02:09:30 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.17 02:09:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.04.17 02:09:29 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Programme\Conduit
[2010.04.15 18:03:31 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.04.15 18:03:30 | 000,000,000 | ---D | C] -- E:\Programme\softonic-de3
[2010.04.15 18:03:23 | 000,000,000 | ---D | C] -- E:\Programme\Trend Micro
[2010.04.13 20:47:46 | 000,182,912 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ndis.sys
[2010.04.13 20:30:18 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.13 08:45:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.04.12 19:59:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acoustica Premium
[2010.04.11 20:10:40 | 000,000,000 | ---D | C] -- E:\spoolerlogs
[2010.04.11 19:40:45 | 000,348,160 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\msvcr71.dll
[2010.04.08 19:59:48 | 000,000,000 | ---D | C] -- E:\Programme\Digidesign
[2010.04.08 19:59:47 | 000,000,000 | ---D | C] -- E:\Programme\Antares
[2010.04.08 19:57:44 | 000,000,000 | ---D | C] -- E:\Programme\Antares Audio Technologies
[2010.04.08 19:56:12 | 000,000,000 | ---D | C] -- E:\Programme\Voxengo
[2010.04.08 19:53:45 | 000,000,000 | ---D | C] -- E:\Programme\Vstplugins
[2010.04.05 14:26:37 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\pdf24
[2010.04.04 11:12:51 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Steuer 2009
[2010.04.02 18:04:41 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Jan 2008
[2010.04.02 14:09:05 | 003,833,856 | ---- | C] (Amyuni Technologies hxxp://www.amyuni.com) -- E:\WINDOWS\System32\cdintf300.dll
[2010.03.30 19:16:23 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Bandprojekte
[2010.03.29 17:30:10 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Desktop\Telefon
[2010.03.27 16:21:40 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.03.27 16:21:31 | 000,000,000 | ---D | C] -- E:\Programme\TeamViewer
[2009.08.15 00:39:09 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2008.11.28 12:16:02 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2008.11.08 16:45:25 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2008.11.08 01:13:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.08 01:08:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.08 01:08:05 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- E:\WINDOWS\System32\drvc.dll
[3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[172 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.18 23:44:28 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.18 23:44:28 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.04.18 23:44:28 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.04.18 23:44:28 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.04.18 23:44:27 | 000,000,470 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.04.18 23:44:06 | 000,042,496 | ---- | M] () -- E:\WINDOWS\System32\msxsltsso.dll
[2010.04.18 23:43:52 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.04.18 23:43:50 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.04.18 23:42:44 | 007,602,176 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.04.18 23:42:27 | 011,856,754 | -H-- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.18 23:00:00 | 000,000,508 | ---- | M] () -- E:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.04.18 21:14:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.04.18 19:56:01 | 000,457,248 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.18 13:03:30 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010.04.17 02:09:33 | 000,000,679 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.16 11:16:26 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.15 19:36:14 | 000,000,190 | -HS- | M] () -- E:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.04.15 18:59:06 | 000,461,912 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2010.04.15 18:59:06 | 000,443,588 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010.04.15 18:59:06 | 000,085,510 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2010.04.15 18:59:06 | 000,071,846 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010.04.15 18:59:05 | 001,070,434 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.15 18:03:23 | 000,001,701 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.04.15 17:56:15 | 000,066,192 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\Malware-Entfernung.pdf
[2010.04.13 20:47:46 | 000,182,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ndis.sys
[2010.04.12 20:28:27 | 000,219,648 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 19:44:52 | 000,000,678 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Mixcraft 4.lnk
[2010.04.08 20:10:38 | 000,000,155 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010.04.08 20:09:53 | 000,105,728 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.05 14:28:45 | 000,000,468 | ---- | M] () -- E:\WINDOWS\wiso.ini
[2010.04.03 21:18:25 | 000,001,937 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Steuer-Spar-Erklärung 2010.lnk
[2010.04.02 14:09:24 | 000,001,649 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\WISO EÜR & Kasse 2009.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 17:33:58 | 002,071,228 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.07.3gp
[2010.03.29 17:33:31 | 011,739,191 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.43.3gp
[2010.03.27 16:21:37 | 000,000,872 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 5.lnk
[2010.03.26 18:54:00 | 003,524,849 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map Kopie.jpg
[2010.03.26 18:53:42 | 018,447,701 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map.psd
[2010.03.26 18:47:20 | 000,003,047 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\push-pin-red.gif
[3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[172 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.18 23:44:06 | 000,042,496 | ---- | C] () -- E:\WINDOWS\System32\msxsltsso.dll
[2010.04.18 19:59:29 | 000,000,470 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.18 19:59:29 | 000,000,470 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.04.18 19:59:29 | 000,000,470 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.04.18 19:59:28 | 000,000,470 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.04.17 02:09:33 | 000,000,679 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.16 07:41:54 | 000,000,000 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\raw_a.txt
[2010.04.15 18:03:23 | 000,001,701 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk
[2010.04.15 17:56:15 | 000,066,192 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\Malware-Entfernung.pdf
[2010.04.02 14:09:24 | 000,001,649 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\WISO EÜR & Kasse 2009.lnk
[2010.03.29 17:33:31 | 002,071,228 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.07.3gp
[2010.03.29 17:31:00 | 011,739,191 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\V230110_14.43.3gp
[2010.03.27 16:21:37 | 000,000,872 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 5.lnk
[2010.03.26 18:53:57 | 003,524,849 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map Kopie.jpg
[2010.03.26 18:47:20 | 000,003,047 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Desktop\push-pin-red.gif
[2010.03.26 18:41:27 | 018,447,701 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Reise-Map.psd
[2010.03.13 03:50:14 | 000,442,540 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\CCCInstall_201003130250148125.log
[2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll
[2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll
[2009.12.04 16:24:37 | 000,000,100 | ---- | C] () -- E:\WINDOWS\System32\prsgrc.dll
[2009.12.04 16:22:19 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\sysprs7.dll
[2009.12.04 16:22:19 | 000,000,205 | ---- | C] () -- E:\WINDOWS\System32\lsprst7.dll
[2009.11.25 18:54:48 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
[2009.11.25 18:54:48 | 000,002,412 | ---- | C] () -- E:\WINDOWS\System32\lgAxconfig.ini
[2009.11.13 16:57:26 | 000,221,291 | ---- | C] () -- E:\WINDOWS\Imei_dll.dll
[2009.11.13 16:57:26 | 000,040,960 | ---- | C] () -- E:\WINDOWS\Sublock.dll
[2009.09.01 13:12:23 | 000,000,235 | ---- | C] () -- E:\WINDOWS\BUHL.INI
[2009.08.22 15:09:59 | 000,722,416 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2009.03.21 22:04:43 | 000,020,992 | ---- | C] () -- E:\WINDOWS\jestertb.dll
[2009.02.13 13:06:57 | 000,000,074 | ---- | C] () -- E:\WINDOWS\tm.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- E:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- E:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll
[2008.12.15 11:59:46 | 000,000,468 | ---- | C] () -- E:\WINDOWS\wiso.ini
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.23 02:40:08 | 000,000,383 | ---- | C] () -- E:\WINDOWS\System32\haspdos.sys
[2008.11.23 02:40:03 | 000,007,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\ds1410d.sys
[2008.11.09 03:29:06 | 000,000,183 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\default.pls
[2008.11.08 22:55:54 | 000,035,328 | ---- | C] () -- E:\WINDOWS\System32\SYNSOACC.dll
[2008.11.08 14:01:30 | 000,000,155 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2008.11.08 11:47:35 | 000,006,642 | ---- | C] () -- E:\WINDOWS\mgxoschk.ini
[2008.11.08 11:21:08 | 
000,219,648 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.08 01:17:39 | 000,000,190 | -HS- | C] () -- E:\Dokumente und Einstellungen\Administrator\ntuser.ini [2008.11.08 01:17:38 | 000,001,024 | -H-- | C] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT.LOG [2008.11.08 01:17:38 | 000,000,394 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\MSIe59f3.LOG [2008.11.08 01:17:37 | 007,602,176 | ---- | C] () -- E:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2008.11.08 01:13:07 | 000,212,384 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2008.11.08 01:05:07 | 000,059,904 | ---- | C] () -- E:\WINDOWS\System32\zlib1.dll [2008.11.08 01:05:00 | 000,162,304 | ---- | C] () -- E:\WINDOWS\System32\libpng13.dll [2008.11.08 01:04:58 | 000,394,752 | ---- | C] () -- E:\WINDOWS\System32\cygwinb19.dll [2008.09.14 18:19:35 | 000,000,182 | ---- | C] () -- E:\WINDOWS\System32\AiO-Auswahl.ini [2008.09.14 18:19:11 | 001,800,192 | ---- | C] () -- E:\WINDOWS\System32\hmtcdres.dll [2008.09.14 18:19:10 | 000,394,240 | ---- | C] () -- E:\WINDOWS\System32\hmtcd.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- 
E:\WINDOWS\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll [2005.04.04 14:52:42 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll [2005.04.04 14:35:24 | 000,745,472 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- E:\WINDOWS\System32\ff_mpeg2enc.dll < End of report > OTL Extras: OTL Extras logfile created on: 18.04.2010 23:45:32 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = E:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): e:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme Drive C: | 292,97 Gb Total Space | 3,18 Gb Free Space | 1,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 405,66 Gb Total Space | 199,70 Gb Free Space | 49,23% Space Free | Partition Type: NTFS Drive F: | 3,75 Gb Total Space | 3,75 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JHJ Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "E:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 "UACDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03E494A7-F504-DA41-3079-9E2FB36736BC}" = CCC Help English "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{04A94422-A264-81D4-D65E-87276F5B402D}" = Catalyst Control Center Localization Italian "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center 
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{0B56244C-7B61-0407-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max 2009 32-bit "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0E73A14F-23FD-E1B8-ED38-108ECFA08440}" = Catalyst Control Center Localization Portuguese "{14BC810B-5907-B9C3-B2F4-12D5EEA253F4}" = Catalyst Control Center Graphics Previews Common "{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23655B51-F898-DC12-A2A1-3348D875F659}" = CCC Help Czech "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{25611B0A-54C2-69B9-723D-668201C22CD4}" = ccc-core-static "{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility "{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus "{27F38AC0-298C-F7E2-F3AE-F7D12BBBE9D5}" = CCC Help Chinese Traditional "{299A33DF-313A-4C38-9610-71FDA80D5E02}" = WISO EÜR & Kasse 2009 "{2AB45FAF-2D92-0407-8D33-E2FE6172280E}" = Autodesk 3ds Max 2009 32-bit ProMaterials™ Library "{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light "{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy "{305D5417-E687-0407-AA09-53DE06E059F8}" = Autodesk 3ds Max 2009 32-Bit Filme "{30B695C3-C7B0-69E1-197B-409587BC1FD7}" = CCC Help Norwegian "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399B10AC-4E84-20F8-5913-82526B16F561}" = Catalyst Control Center Graphics Light "{3C400DF4-90E0-412C-843A-F5424402662F}" = DJBCP 
Codec Pack "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Betaversion) "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3EC34F85-AF61-5B18-42D6-306B6B80E92E}" = Catalyst Control Center Localization Swedish "{4B494547-1410-C77E-B6F0-86F394ABAF94}" = CCC Help Hungarian "{4D7E8B72-AEA2-8493-F5F3-DA10E2EE2D22}" = Catalyst Control Center Localization Chinese Traditional "{54E4B63C-D252-454C-BE4F-468F102B331C}" = Adobe Shockwave Player "{55663DF0-3559-AE1E-0B9E-ED5353914B5D}" = CCC Help Japanese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{59F83B00-970D-511C-D9DE-52B233780020}" = CCC Help Portuguese "{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5 "{64ACFE24-FB82-84A6-9FB8-B90539752E5B}" = Catalyst Control Center Localization German "{68DD4EAE-C5E4-1E34-F991-B99ABA6DC8E3}" = Catalyst Control Center Graphics Full New "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{695AC39F-5553-48DF-8E94-7CB22343843C}" = WISO EÜR & Kasse 2008 "{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{744A5C19-AA4C-0407-BC07-9F4C73C8B247}" = Autodesk 3ds Max 2009 32-Bit Vault 2009 Plug-In "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F4C1C17-C647-3CE0-4426-F368132A66A6}" = CCC Help Turkish "{81946C2A-5269-A6F5-4566-A9F253007A7E}" = Catalyst Control Center Localization Turkish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" 
= ccc-core-preinstall "{8615E5FC-8906-AACF-5A1A-FB65046F647B}" = CCC Help Swedish "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8959A774-3FB3-B315-ACDF-4B7B70F5A169}" = Catalyst Control Center Core Implementation "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{906B417C-6F6C-2A5A-DB5E-5C7499941C58}" = CCC 
Help Spanish "{93CB830F-517E-1695-C61B-2A1AA105CD78}" = Catalyst Control Center Localization French "{95DCA618-9717-BBD3-B438-A5A9B1EB30C8}" = CCC Help German "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{984880C1-7AC7-5267-A7D9-AEC19C932950}" = Catalyst Control Center Graphics Full Existing "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3F8688-4F15-B77D-73A1-B0363517D1B1}" = Catalyst Control Center Localization Danish "{9B1BFDE6-3B65-FB41-BC54-353227EE742A}" = CCC Help Italian "{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager "{9EDBB857-8028-49CD-B9C9-0B4D10CD1031}" = Nero 8 "{A0793FD9-9505-BF02-FF47-83C984DC814B}" = Catalyst Control Center Localization Chinese Standard "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A32A0DF0-6650-6503-293D-64AAF212CBF8}" = Catalyst Control Center Localization Japanese "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A44D0AC2-0891-5AB9-EE23-3EF3339BC2FE}" = Catalyst Control Center Localization Russian "{A54BEBF5-D7F9-2B34-6475-FB07780C80CA}" = Catalyst Control Center Localization Polish "{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}" = Steinberg Cubase Studio 4 "{A8280D9A-D6A4-1E52-E85F-99E3BB19CEEA}" = Catalyst Control Center Localization Czech "{A960DA53-C5C4-37A4-3671-C0236BF41E99}" = CCC Help Chinese Standard "{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{B0D2BC40-119B-AD18-E697-E6073DD6D149}" = ccc-utility "{B13A7C41581B411290FBC0395694E2A9}" = 
DivX Converter "{B2C78A98-20EA-D90A-69E3-B15587D51588}" = CCC Help Thai "{B59DA9F5-3630-FFF1-C47C-B2CA172CF876}" = CCC Help Polish "{B84AE471-81DD-D81F-CD20-B3464877E525}" = Skins "{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008 "{BBFEA1AF-ECCE-1114-2EC8-AC304AB6B753}" = Catalyst Control Center Localization Hungarian "{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C251E4E6-89BA-0407-9B42-1B3D01D34783}" = Autodesk 3ds Max 2009 32-bit Architectural Materials Library "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C397AE7E-CFA4-9D60-880D-D0BA7CF3F596}" = CCC Help Finnish "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common "{D20100AC-608D-1A4C-372E-75009E7C168E}" = CCC Help Danish "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D801FEB6-53DF-CE1C-67E2-A977E43A7E8F}" = CCC Help Russian "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008 "{DAA29BAD-1C06-E8E0-CFE6-557F818C7AF7}" = CCC Help Dutch "{DB7EBA4A-44AF-DF22-EBA7-6BF4E011E319}" = CCC Help French "{DBB18C43-FE45-36DF-D171-E209B79A76F3}" = Catalyst Control Center Localization Dutch "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = 
AAVUpdateManager "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E1BCF465-85F4-C303-944E-9E416977C560}" = CCC Help Korean "{E3AEC354-AD4C-51D3-E345-CEE6CA8A9C3A}" = Catalyst Control Center Localization Greek "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA024A36-5934-05B8-550B-60DA131B90C4}" = CCC Help Greek "{EE5AC826-8731-6406-9947-D0420143A7BD}" = ccc-core-preinstall "{EEB193CE-2B04-B568-29FF-FAFA34BB3F19}" = Catalyst Control Center Localization Spanish "{EF0A8C24-E239-45D5-492D-D5895518ACB3}" = Catalyst Control Center Localization Thai "{EFCBBB01-F876-0407-B91F-7B6132E8BB64}" = Autodesk 3ds Max 2009 32-Bit Vault 2008 Plug-In "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F681200C-0446-0407-ABE4-EA9105E40EE4}" = Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries "{F88183B1-BD65-F87C-855F-BB7D1AA3AEA2}" = Catalyst Control Center Localization Norwegian "{FC70949F-1417-A3F5-8E84-EBF5ACB93B58}" = Catalyst Control Center Localization Korean "{FDD8070F-E3B9-0407-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-Bit "{FE22679C-7CE4-8633-CE7F-8122B52C52CF}" = Catalyst Control Center Localization Finnish "{FF2F40DA-E579-4B3B-9CD5-B6884E42F062}" = EÜR & Kasse 2007 "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Acoustica Effects Pack" = Acoustica Effects Pack "Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1 "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5 "Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.1 "Ad-Aware" = 
Ad-Aware "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Antares AVOX Bundle VST RTAS_is1" = Antares AVOX Bundle VST RTAS v1.1.3 "Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0 "Antares Kantos v1.02 VST & RTAS" = Antares Kantos v1.02 VST & RTAS "Antares Microphone Modeler 1.02 DirectX" = Antares Microphone Modeler 1.02 DirectX "Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.03 "Ask Toolbar_is1" = Ask Toolbar "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "Impulse Modeler" = Impulse Modeler 1.9 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "JDownloader" = JDownloader "JVA Multi-Purpose Bot_is1" = JVA Bot 1.15.6 "M928366" = "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX Video deluxe 2007 e-version D" = MAGIX Video deluxe 2007 e-version 6.5.0.24 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MKVtoolnix" = MKVtoolnix 
2.5.3
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Rainbow Sentinel Driver" = Sentinel System Driver
"Runtimes" = Allgemeine Runtime Dateien
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Tiffen Dfx v1.0 for Photoshop (Team V.R Private Edition)" = Tiffen Dfx v1.0 for Photoshop (Team V.R Private Edition)
"Uninstall_is1" = Uninstall 1.0.0.1
"Wings 3D 0.99.04a" = Wings 3D 0.99.04a
"WinRAR archiver" = WinRAR
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"XP Codec Pack" = XP Codec Pack
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.9
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 17.04.2010 06:20:56 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 07:03:41 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 07:11:26 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = Der Server "{BA126AE5-2166-11D1-B1D0-00805FC1270E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 18.04.2010 07:13:26 | Computer Name = JHJ | Source = DCOM | ID = 10010
Description = Der Server "{BA126AD1-2166-11D1-B1D0-00805FC1270E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 18.04.2010 07:16:36 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 08:14:25 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 13:56:21 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 13:59:00 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 15:04:41 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 18.04.2010 17:43:58 | Computer Name = JHJ | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field
< End of report >
Thanks for taking a look! |
19.04.2010, 08:09 | #7 |
| Booted the PC again this morning... Was hoping that everything might be clean now.... but right after booting, the error messages are back... |
19.04.2010, 09:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Did you remove all the Malwarebytes findings? Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
SRV - (msupdate) -- File not found
SRV - (SSHNAS) -- E:\WINDOWS\system32\sshnas21.dll ()
O2 - BHO: (E:\WINDOWS\system32\teyky.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - E:\WINDOWS\system32\teyky.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - E:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKCU..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\yflw1scl.exe File not found
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\notepad.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Nph.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\sdra64.exe) - E:\WINDOWS\system32\sdra64.exe ()
O21 - SSODL: GootkitSSO - {0A60B04E-3F59-45CC-8A74-8F04DF4E743D} - E:\WINDOWS\system32\msxsltsso.dll ()
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - E:\WINDOWS\system32\teyky.dll ()
[2010.04.11 20:10:45 | 000,000,000 | -HSD | C] -- E:\WINDOWS\System32\lowsec
[2010.04.17 12:23:44 | 000,823,808 | ---- | M] () -- E:\WINDOWS\System32\drivers\feahbqnf.sys
[2010.04.17 12:02:52 | 000,042,496 | ---- | M] () -- E:\WINDOWS\System32\msxsltsso.dll
[2010.04.17 08:05:00 | 000,000,304 | -H-- | M] () -- E:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.17 08:00:00 | 000,000,262 | -H-- | M] () -- E:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.16 13:42:04 | 000,020,000 | ---- | M] () -- E:\WINDOWS\System32\teyky.dll
[2010.04.13 21:15:05 | 000,210,944 | ---- | M] () -- E:\WINDOWS\System32\sshnas21.dll
[2010.04.13 20:44:23 | 000,050,688 | ---- | M] () -- E:\WINDOWS\services.exe
[2010.04.13 20:44:23 | 000,026,624 | ---- | M] () -- E:\WINDOWS\System32\reader_s.exe
[2010.04.12 20:28:27 | 000,219,648 | ---- | M] () -- E:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll
[2009.12.04 16:24:37 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll
[2009.12.04 16:24:37 | 000,000,100 | ---- | C] () -- E:\WINDOWS\System32\prsgrc.dll
[2009.12.04 16:22:19 | 000,001,025 | ---- | C] () -- E:\WINDOWS\System32\sysprs7.dll
[2009.12.04 16:22:19 | 000,000,205 | ---- | C] () -- E:\WINDOWS\System32\lsprst7.dll
[2009.11.25 18:54:48 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\CommonDL.dll
:Commands
[resethosts]
[emptytemp]
The logfile should open once you click OK after the fix; please post it.
__________________ Please always post log files in CODE tags. Last edited by cosinus (19.04.2010 at 09:48) |
19.04.2010, 13:58 | #9 |
| Hello Arne! Yes, I had removed the detections with Malwarebytes. I'll do the OTL thing later. I'm at work right now. Thank you very much! |
19.04.2010, 14:18 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, forget the OTL stuff. I think I was still looking at the old log file. Instead, please do a run with CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has explicitly recommended it!
19.04.2010, 18:31 | #11 |
| So... I went through CCleaner and followed the instructions... On the first scan, though, it kept finding something no matter how often I ran it. It cleaned the registry and found no more errors. Then cofi.exe... The PC had to restart several times in between... but then it also always started my Ad-Aware and AntiVir (autostart)... I couldn't turn that off. I was also worried, since you're not supposed to move the mouse... But it didn't abort. However, an AntiVir alert (TR/Gendal) came up right away at every start... Here is the cofi log:
ComboFix 10-04-18.04 - Administrator 19.04.2010 19:00:57.1.4 - x86
ausgeführt von:: e:\dokumente und einstellungen\Administrator\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\jestertb.dll
e:\windows\system32\msxsltsso.dll
e:\windows\system32\uZQEtNDuIS.dll
e:\windows\system32\winlogon.bak
e:\windows\system32\drivers\ndis.sys . . . ist infiziert!!
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Legacy_SSHNAS
((((((((((((((((((((((( Dateien erstellt von 2010-03-19 bis 2010-04-19 ))))))))))))))))))))))))))))))
.
2010-04-19 17:14 . 2010-04-19 17:14 -------- d-----w- e:\windows\system32\xircom
2010-04-19 17:14 . 2010-04-19 17:14 -------- d-----w- e:\windows\system32\wbem\snmp
2010-04-19 17:14 . 2010-04-19 17:14 -------- d-----w- e:\programme\microsoft frontpage
2010-04-19 16:38 . 2010-04-19 16:38 -------- d-----w- e:\programme\CCleaner
2010-04-17 00:09 . 2010-04-17 00:09 -------- d-----w- e:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-04-17 00:09 . 2010-03-29 22:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 00:09 . 2010-04-17 00:09 -------- d-----w- e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-17 00:09 . 2010-04-17 00:09 -------- d-----w- e:\programme\Malwarebytes' Anti-Malware
2010-04-17 00:09 . 2010-03-29 22:45 20824 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-04-15 16:03 . 2010-04-15 16:03 -------- d-----w- e:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2010-04-15 16:03 . 2010-04-15 16:03 -------- d-----w- e:\programme\Conduit
2010-04-15 16:03 . 2010-04-15 16:03 -------- d-----w- e:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-04-15 16:03 . 2010-04-15 16:03 -------- d-----w- e:\programme\softonic-de3
2010-04-15 16:03 . 2010-04-15 16:03 -------- d-----w- e:\programme\Trend Micro
2010-04-13 18:47 . 2010-04-13 18:47 212736 -c--a-w- e:\windows\system32\dllcache\ndis.sys
2010-04-13 06:45 . 2010-04-13 06:45 -------- d-----w- e:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-04-12 17:59 . 2010-04-12 17:59 -------- d-----w- e:\dokumente und einstellungen\Administrator\Anwendungsdaten\Acoustica Premium
2010-04-11 18:10 . 2010-04-11 18:10 -------- d-----w- E:\spoolerlogs
2010-04-11 17:40 . 2008-11-03 15:09 348160 ----a-w- e:\windows\system32\msvcr71.dll
2010-04-08 17:59 . 2010-04-08 17:59 -------- d-----w- e:\programme\Digidesign
2010-04-08 17:59 . 2010-04-08 17:59 -------- d-----w- e:\programme\Antares
2010-04-08 17:57 . 2010-04-08 18:04 -------- d-----w- e:\programme\Antares Audio Technologies
2010-04-08 17:56 . 2010-04-08 17:56 -------- d-----w- e:\programme\Voxengo
2010-04-08 17:53 . 2010-04-08 17:57 -------- d-----w- e:\programme\Vstplugins
2010-04-02 12:09 . 2008-10-28 21:10 3833856 ----a-w- e:\windows\system32\cdintf300.dll
2010-03-27 14:21 . 2010-03-27 14:21 -------- d-----w- e:\dokumente und einstellungen\Administrator\Anwendungsdaten\TeamViewer
2010-03-27 14:21 . 2010-03-27 14:21 -------- d-----w- e:\programme\TeamViewer
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 21:56 . 2008-11-07 23:28 105728 ----a-w- e:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-16 05:52 . 2009-11-04 18:40 -------- d-----w- e:\programme\JDownloader
2010-04-15 16:59 . 2003-04-02 12:00 85510 ----a-w- e:\windows\system32\perfc007.dat
2010-04-15 16:59 . 2003-04-02 12:00 461912 ----a-w- e:\windows\system32\perfh007.dat
2010-04-13 18:53 . 2008-09-14 16:18 36352 ----a-w- e:\windows\system32\drivers\disk.sys
2010-04-13 18:47 . 2008-09-14 16:18 212736 ----a-w- e:\windows\system32\drivers\ndis.sys
2010-04-11 17:44 . 2009-08-19 20:46 -------- d-----w- e:\programme\Acoustica Shared Effects
2010-04-11 17:44 . 2009-08-19 20:45 -------- d-----w- e:\programme\Acoustica Mixcraft 4
2010-04-08 18:00 . 2009-08-20 18:10 -------- d-----w- e:\programme\VST
2010-04-04 09:04 . 2009-06-01 10:47 -------- d-----w- e:\programme\pdf24
2010-04-02 12:07 . 2008-12-15 09:51 -------- d-----w- e:\programme\WISO
2010-04-02 12:07 . 2008-11-07 23:22 -------- d--h--w- e:\programme\InstallShield Installation Information
2010-03-31 20:20 . 2008-11-08 10:43 -------- d-----w- e:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype
2010-03-13 16:22 . 2010-03-13 16:22 -------- d-----w- e:\programme\IObit
2010-03-13 16:22 . 2010-03-13 16:22 -------- d-----w- e:\dokumente und einstellungen\Administrator\Anwendungsdaten\IObit
2010-03-13 01:48 . 2010-03-13 01:39 -------- d-----w- e:\programme\ATI
2010-03-13 01:40 . 2008-11-07 23:22 -------- d-----w- e:\programme\ATI Technologies
2010-03-13 00:25 . 2008-11-08 12:44 -------- d-----w- e:\programme\TuneUp Utilities 2008
2010-03-13 00:25 . 2010-03-13 00:25 307968 ----a-w- e:\windows\system32\TuneUpDefragService.exe
2010-02-03 04:52 . 2008-06-03 06:20 4605952 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2010-03-13 01:40 45056 ----a-w- e:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2010-03-13 01:40 45056 ----a-w- e:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2010-03-13 01:40 3633152 ----a-w- e:\windows\system32\aticaldd.dll
2010-02-03 04:07 . 2008-11-07 23:22 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2008-09-24 02:09 14188544 ----a-w- e:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-06-03 02:59 3566048 ----a-w- e:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2008-11-07 23:22 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2008-06-03 03:21 301568 ----a-w- e:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2008-06-03 02:48 2176640 ----a-w- e:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2008-11-07 23:22 887724 ----a-w- e:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2008-11-07 23:22 3 ----a-w- e:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2008-06-03 03:04 397312 ----a-w- e:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2008-06-03 03:11 208896 ----a-w- e:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2008-06-03 03:11 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2008-06-03 03:11 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2008-06-03 03:11 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2008-06-03 03:11 159744 ----a-w- e:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2008-06-03 03:09 602112 ----a-w- e:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2008-06-03 03:08 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-03-13 01:40 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-03-13 01:40 65024 ----a-w- e:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2008-06-03 02:33 65024 ----a-w- e:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2008-06-03 02:27 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2008-06-03 02:29 565248 ----a-w- e:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2008-06-03 02:28 180224 ----a-w- e:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2008-06-03 02:28 17408 ----a-w- e:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-06-03 02:21 638976 ----a-w- e:\windows\system32\ati2cqag.dll
2010-01-27 14:28 . 2009-11-05 21:46 15880 ----a-w- e:\windows\system32\lsdelete.exe
.
------- Sigcheck -------
[-] 2010-04-13 . B5B1080D35974C0E718D64280761BCD5 . 212736 . . [5.1.2600.5588] . . e:\windows\system32\drivers\ndis.sys
[-] 2010-04-13 . B5B1080D35974C0E718D64280761BCD5 . 212736 . . [5.1.2600.5588] . . e:\windows\system32\dllcache\ndis.sys
[-] 2008-11-08 . 413F6D9D4326E02541CD4988A52247E7 . 513024 . . [5.1.2600.5587] . . e:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\programme\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"H2O"="e:\programme\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-09-14 124928]
"IE7"="advpack.dll" [2008-09-14 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 feahbqnf;feahbqnf; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FlashUSB;FlashUSB;e:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 SynasUSB;SynasUSB;e:\windows\system32\drivers\SynasUSB.sys [2006-01-29 16896]
R3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe [2008-04-14 14336]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2009-08-22 722416]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 AAV UpdateService;AAV UpdateService;e:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\programme\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;e:\programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-19 65536]
S2 TeamViewer5;TeamViewer 5;e:\programme\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 CLEDX;Team H2O CLEDX service;e:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 LgBttPort;LGE Bluetooth TransPort;e:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;e:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;e:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-04-19 e:\windows\Tasks\1-Klick-Wartung.job
- e:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2010-03-13 08:58]
2010-04-19 e:\windows\Tasks\Ad-Aware Update (Daily 1).job
- e:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:28]
2010-04-19 e:\windows\Tasks\Ad-Aware Update (Daily 2).job
- e:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:28]
2010-04-19 e:\windows\Tasks\Ad-Aware Update (Daily 3).job
- e:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:28]
2010-04-19 e:\windows\Tasks\Ad-Aware Update (Daily 4).job
- e:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:28]
2010-04-19 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:28]
2010-04-16 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - e:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\nwu78cd5.default\
FF - prefs.js: browser.search.selectedEngine - search for firefox
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - plugin: e:\programme\Virtual Earth 3D\npVE3D.dll
---- FIREFOX Richtlinien ----
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: dom.disable_window_status_change - false
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: browser.search.selectedEngine - search for firefox
FF - user.js: browser.search.order.1 - search for firefox
FF - user.js: browser.search.defaultenginename - search for firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
SSODL-GootkitSSO-{DA5CEA94-99B8-4DE9-99F5-88D8E9E915EF} - e:\windows\System32\msxsltsso.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-19 19:15
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A5F6580]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f10852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0x8a5ddbb0
PacketIndicateHandler -> NDIS.sys @ 0x8a5cca0d
SendHandler -> NDIS.sys @ 0x8a5e0b40
user & kernel MBR OK
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(836)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(7992)
e:\windows\system32\msi.dll
e:\windows\system32\wpdshserviceobj.dll
e:\windows\system32\portabledevicetypes.dll
e:\windows\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
e:\programme\Avira\AntiVir Desktop\avguard.exe
e:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
e:\programme\Bonjour\mDNSResponder.exe
e:\programme\Nero\Nero8\Nero BackItUp\NBService.exe
e:\programme\iPod\bin\iPodService.exe
e:\programme\TeamViewer\Version5\TeamViewer.exe
e:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-19 19:22:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-19 17:22
Vor Suchlauf: 8 Verzeichnis(se), 220.794.863.616 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 220.768.845.824 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 78C9F7105779FEA50599DC1D24674197 |
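An added example, not part of the thread and not code from ComboFix: a small Python parser for the Sigcheck section of the ComboFix log above. Sigcheck marks a file with [-] when its digital signature does not verify; the three lines from this log are embedded as the sample input. The helper also groups unsigned files by MD5, which for this log shows that e:\windows\system32\dllcache\ndis.sys carries the same hash as the active driver, so the Windows File Protection cache on XP could not have supplied a clean copy and a replacement had to come from elsewhere. The function and variable names are the example's own.

```python
import re
from collections import defaultdict

# Sample Sigcheck lines, copied from the ComboFix log posted above
# (constructed test input for this example, not read from disk).
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
[-] 2010-04-13 . B5B1080D35974C0E718D64280761BCD5 . 212736 . . [5.1.2600.5588] . . e:\windows\system32\drivers\ndis.sys
[-] 2010-04-13 . B5B1080D35974C0E718D64280761BCD5 . 212736 . . [5.1.2600.5588] . . e:\windows\system32\dllcache\ndis.sys
[-] 2008-11-08 . 413F6D9D4326E02541CD4988A52247E7 . 513024 . . [5.1.2600.5587] . . e:\windows\system32\winlogon.exe
"""

# Field layout of a Sigcheck line: [flag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["path"] = entry["path"].lower()   # NTFS paths are case-insensitive
        entry["signature_ok"] = entry["flag"] != "-"
        entries.append(entry)
    return entries


def unsigned_files(entries):
    """Paths whose Authenticode signature did not verify ([-] flag)."""
    return [e["path"] for e in entries if not e["signature_ok"]]


def shared_hashes(entries):
    """Map each MD5 that occurs on more than one unsigned file to those paths.

    A bad hash shared between system32\drivers and system32\dllcache means the
    protected-file cache holds the same tampered binary, so restoring from the
    cache would reinstall it rather than repair it.
    """
    by_hash = defaultdict(list)
    for e in entries:
        if not e["signature_ok"]:
            by_hash[e["md5"]].append(e["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    parsed = parse_sigcheck(SIGCHECK_SAMPLE)
    for path in unsigned_files(parsed):
        print("unsigned:", path)
    for digest, paths in shared_hashes(parsed).items():
        print("same hash", digest, "in", " and ".join(paths))
```

Running it against a full ComboFix log is a matter of passing the file's contents to parse_sigcheck; anything outside the Sigcheck format is ignored by the regular expression.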
19.04.2010, 21:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download these three clean files directly to C:
File-Upload.net - atapi.sys
File-Upload.net - ndis.sys
File-Upload.net - winlogon.exe
Then: please use Avenger:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (Download, on the left)
2.) Unpack the zip archive and run the file "avenger.exe" (under Vista via right-click => Run as administrator). Set the checkboxes at the bottom as shown:
3.) Copy exactly the lines from the following code box: Code:
files to move:
c:\windows\system32\winlogon.exe | c:\winlogon.bad
c:\windows\system32\drivers\ndis.sys | c:\ndis.bad
c:\winlogon.exe | c:\windows\system32\winlogon.exe
c:\ndis.sys | c:\windows\system32\drivers\ndis.sys
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the question about "Reboot now" (restarting the system).
7.) After the restart, Avenger will display a log file. Copy its contents and post them here.
8.) Upload the files c:\winlogon.bad and c:\ndis.bad to us => http://www.trojaner-board.de/54791-a...ner-board.html
20.04.2010, 17:05 | #13 |
| Hello Arne! But my Windows system is on e:\ ... Shouldn't the files go there, then? There's no windows\system32 on c:\ either ....? Then the text from the box would have to be changed too, right? I could only download the ndis file to my desktop... but moving it isn't possible?! Deleting and downloading it again doesn't work. It says the file is in use. Even right after a restart. |
20.04.2010, 17:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oops.. Force of habit, c of course has to be changed to e: So please use this text: Code:
files to move:
e:\windows\system32\winlogon.exe | e:\winlogon.bad
e:\windows\system32\drivers\ndis.sys | e:\ndis.bad
e:\winlogon.exe | e:\windows\system32\winlogon.exe
e:\ndis.sys | e:\windows\system32\drivers\ndis.sys
20.04.2010, 18:50 | #15 |
| Now total chaos has broken out... I followed the instructions exactly. Downloaded the files to e:\ ... loaded the script .... execute ... confirmed the reboot ... But now the PC won't boot anymore. You still see the "Windows boot screen" .... and then it shuts itself off again. |