Log analysis and evaluation: Security Tool cannot be deleted! Tried everything known. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.08.2010, 13:06 | #16 |
Security Tool cannot be deleted! Tried everything known.
OTL.log: OTL Logfile: Code:
OTL logfile created on: 16.08.2010 13:52:51 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\stock\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,61 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10,04 Gb Total Space | 0,67 Gb Free Space | 6,67% Space Free | Partition Type: NTFS
Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STOCK-52C3433DF
Current User Name: stock
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - D:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)
PRC - D:\Programme\Winamp\winampa.exe (Nullsoft)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Programme\cherry-sms.com\cherry-sms_client.exe (cherry-sms.de)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - D:\Programme\TeXnicCenter\TEXCNTR.EXE (TeXnicCenter.org (www.TeXnicCenter.org))
PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (Tomcat5) -- C:\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Driver Services (SafeList) ==========
DRV - (LVRS) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys File not found
DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (BCD2000) -- C:\WINDOWS\system32\drivers\BCD2000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD2000WDM) -- C:\WINDOWS\system32\drivers\BCD2000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (azvusb) -- C:\WINDOWS\system32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (Ltn_stk7070P) -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (echondgo) -- C:\WINDOWS\system32\drivers\echondgo.sys (Echo Digital Audio Corp.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (TPDiskPM) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys (Lenovo, Ltd. and IBM Corporation)
DRV - (TPInput) -- C:\WINDOWS\system32\drivers\TPInput.sys (Lenovo, Ltd. and IBM Corporation.)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.07.01 12:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.16 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.16 15:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
[2010.07.16 15:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions
[2010.07.16 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions
[2010.01.20 15:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.02 01:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.10 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\DeviceDetection@logitech.com
[2010.08.14 15:44:31 | 000,000,958 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\searchplugins\icqplugin.xml
O1 HOSTS File: ([2010.08.16 10:06:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCD2000] C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{228EFE0D-4C82-56F5-24E4-D2A85FCAA466}] C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite\unqa.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Gemeinsame Dateien\PCTV Systems\RemoTerm\RemoTerm.exe File not found
O4 - HKCU..\Run: [Slevejabiv] C:\WINDOWS\utetbd32.DLL File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.19 16:18:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.23 15:01:48 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2006.08.08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2009.12.19 14:25:02 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{89a5acba-7975-11df-901b-0012f0eb6c5f}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.08.16 13:52:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe
[2010.08.16 12:22:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.16 12:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.08.16 12:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.16 12:16:27 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2010.08.16 12:16:26 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.08.16 12:16:23 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.08.16 12:16:23 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.08.16 12:16:08 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.08.16 12:16:05 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.08.16 12:16:05 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.08.16 12:16:05 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010.08.16 12:16:05 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.08.16 12:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010.08.16 12:16:02 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.08.16 12:15:16 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.08.16 12:15:16 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.08.16 12:15:16 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010.08.16 11:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.16 11:17:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.08.16 11:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.08.16 11:17:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.16 11:17:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.16 11:17:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.16 11:16:41 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.08.16 11:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.08.16 10:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.08.16 09:41:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.16 09:39:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.16 09:32:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.16 09:32:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.16 09:32:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.15 19:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.14 14:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.14 14:27:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.14 14:02:01 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.14 14:01:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.14 12:05:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.08.14 12:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.08.14 12:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.08.14 11:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\security tool
[2010.08.13 14:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com
[2010.08.13 14:33:19 | 000,000,000 | ---D | C] -- C:\Programme\cherry-sms.com
[2010.08.12 22:49:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\Bachelor
[2010.08.12 22:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\xxx
[2010.08.10 02:45:24 | 000,000,000 | ---D | C] -- C:\Programme\VodBurner
[2010.08.10 02:45:17 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\stock\Eigene Dateien\VodBurner
[2010.08.10 01:37:04 | 000,490,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010.08.10 01:37:03 | 001,279,000 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302V32.SYS
[2010.08.10 01:37:03 | 000,465,432 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010.08.10 01:37:03 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010.08.10 01:36:07 | 000,195,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1150.dll
[2010.08.10 01:36:07 | 000,041,752 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2010.08.10 01:36:07 | 000,013,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys
[2010.08.10 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\LogiShrd
[2010.08.05 13:35:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\stock\Recent
[2010.08.05 13:31:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.04 20:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Malwarebytes
[2010.08.04 20:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.04 20:46:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.04 20:46:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.04 18:01:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Personal
[2010.07.21 12:19:26 | 000,000,000 | ---D | C] -- C:\lucene
[2010.07.20 12:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.16 13:52:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe
[2010.08.16 12:18:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.08.16 12:17:01 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.16 12:16:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.08.16 12:14:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.16 12:14:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.16 12:14:40 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 12:13:33 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\stock\NTUSER.DAT [2010.08.16 12:13:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\stock\ntuser.ini [2010.08.16 11:16:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.16 11:16:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.16 11:16:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.16 10:06:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.16 10:06:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.08.16 09:39:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.08.16 08:51:27 | 000,363,520 | ---- | M] () -- C:\deinemudder.com [2010.08.15 19:00:45 | 003,817,550 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Combo--Fix.exe [2010.08.15 11:49:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.13 14:33:20 | 000,001,633 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Cherry SMS.lnk [2010.08.12 17:19:59 | 004,825,438 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3 [2010.08.11 14:50:09 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2010.08.10 13:13:19 | 000,011,776 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.08 11:22:27 | 001,042,312 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.08 11:22:27 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.08 11:22:27 | 000,432,690 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2010.08.08 11:22:27 | 000,080,500 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.08 11:22:27 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.05 17:01:35 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u [2010.08.05 16:26:24 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u [2010.08.05 15:00:52 | 016,137,511 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3 [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 12:16:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2010.08.16 12:16:02 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2010.08.16 11:13:14 | 1609,027,584 | -HS- | C] () -- C:\hiberfil.sys [2010.08.16 09:39:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.08.16 09:39:34 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.08.16 09:32:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.08.16 09:32:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.08.16 09:32:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.08.16 09:32:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.08.16 09:32:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.08.16 08:51:25 | 000,363,520 | ---- | C] () -- C:\deinemudder.com [2010.08.15 19:00:00 | 003,817,550 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Combo--Fix.exe [2010.08.13 14:33:20 | 000,001,633 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Cherry SMS.lnk [2010.08.12 17:18:25 | 004,825,438 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3 [2010.08.10 01:36:07 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010.08.10 01:36:07 | 000,021,138 | ---- | C] () 
-- C:\WINDOWS\System32\Repository.reg [2010.08.05 17:01:34 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u [2010.08.05 16:26:22 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u [2010.08.03 20:48:06 | 016,137,511 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3 [2010.07.03 11:57:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009.12.19 18:52:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2009.12.19 17:37:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009.12.19 17:36:40 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009.12.19 16:29:55 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2009.12.19 16:29:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2007.09.06 02:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2006.02.28 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2005.11.30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2005.07.06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll ========== LOP Check ========== [2010.04.02 01:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.12.24 12:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2010.07.20 13:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems [2010.03.07 23:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\WindSolutions [2010.04.23 14:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.05 00:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.03.29 01:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\.purple [2010.06.03 13:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ASCOMP Software [2010.08.13 14:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com [2010.08.16 13:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\DNA [2010.06.17 23:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\foobar2000 [2010.02.09 21:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\gtk-2.0 [2010.07.01 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ICQ [2010.04.10 20:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Leadertech [2010.08.14 11:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Lesiw [2010.03.14 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Notepad++ [2010.01.11 21:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\OpenOffice.org [2010.03.16 13:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Software4u [2010.03.16 00:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Subversion [2010.07.01 22:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\TeamViewer [2010.07.16 15:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\stock\Anwendungsdaten\Thunderbird
[2010.08.14 13:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite
[2010.03.07 23:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\WindSolutions
[2010.02.15 19:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\xm1
[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========

< End of report >
--- --- --- [/CODE]
EXTRAS.log
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 16.08.2010 13:52:51 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\stock\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 14,65 Gb Total Space | 2,61 Gb Free Space | 17,84% Space Free | Partition Type: NTFS Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 10,04 Gb Total Space | 0,67 Gb Free Space | 6,67% Space Free | Partition Type: NTFS Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STOCK-52C3433DF Current User Name: stock Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromiumHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found "D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB) "C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Tomcat 5.5\bin\tomcat5.exe" = C:\Tomcat 5.5\bin\tomcat5.exe:*:Enabled:Service Runner -- (Apache Software Foundation) "D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{3305E24F-1192-0424-8A25-39713FD92728}" = Skins "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French "{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit) "{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision "{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English "{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility "{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation "{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 
9.3.2 - Deutsch "{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish "{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All "{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall "{E25E4542-4ACB-4062-9F34-9DFE136BCBF3}" = Now Playing Plugin for Windows Live Writer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only) "Aspell" = Aspell Data "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "ATI Display 
Driver" = ATI Display Driver "CCleaner" = CCleaner "cherry-sms" = Cherry SMS Client "Echo Indigo" = Echo Indigo "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "foobar2000" = foobar2000 v1.0 "GNU Aspell_is1" = GNU Aspell 0.50-3 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.24567 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1) "Notepad++" = Notepad++ "PokerStars" = PokerStars "Power Management Driver" = ThinkPad Power Management Driver "Presentation Director" = ThinkPad-Präsentationsdirektor "ProInst" = Intel(R) PROSet/Wireless Software "Secure Eraser_is1" = Secure Eraser v3.1 "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver "TeamViewer 5" = TeamViewer 5 "Texmaker" = Texmaker "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "VLC media player" = VLC media player 1.0.5 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.5 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24609

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24609

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26578

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26578

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 28734

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 28734

Error - 14.08.2010 13:52:12 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 86l99wpf.exe, Version 1.0.15.15281, fehlgeschlagenes Modul 86l99wpf.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.

Error - 15.08.2010 05:32:19 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes Modul iron.dll, Version 5.0.381.0, Fehleradresse 0x00482030.

[ System Events ]
Error - 16.08.2010 04:06:41 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.08.2010 04:07:55 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Fips intelppm TPHKDRV TPPWRIF TSMAPIP

Error - 16.08.2010 04:21:37 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 04:21:42 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 04:21:49 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 05:12:09 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

Error - 16.08.2010 06:15:07 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126

Error - 16.08.2010 06:15:10 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

< End of report >

Edited by stockii (16.08.2010 at 13:07). Reason: forgot the log |
16.08.2010, 13:35 | #17 |
/// Malwareteam | Security Tool cannot be deleted! Tried everything known. And the ESET log?
__________________ |
16.08.2010, 13:46 | #18 |
| Security Tool cannot be deleted! Tried everything known.
__________________ |
16.08.2010, 14:00 | #19 |
/// Malwareteam | Security Tool cannot be deleted! Tried everything known. Please do it in ORDER. What does step 1 say? ESET, right, and only after that OTL! |
16.08.2010, 14:33 | #20 |
| Security Tool cannot be deleted! Tried everything known. Okaaay. Here is the ESET.log then. After the ESET scan, can I have the files it found deleted? I mean "delete quarantined files"?? Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=92f2867786644145832142370f95aff3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-16 01:28:24
# local_time=2010-08-16 03:28:24 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 166545 166545 0 0
# compatibility_mode=8192 67108863 100 0 206 206 0 0
# compatibility_mode=9217 16777214 75 66 507 4231591 0 0
# scanned=297436
# found=9
# cleaned=9
# scan_time=10946
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\rasacd.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46A85308-0170-4DE1-A674-F327EDBED481}\RP179\A0037341.exe Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46A85308-0170-4DE1-A674-F327EDBED481}\RP182\A0042571.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
G:\System Volume Information\_restore{5965F3FA-E43B-4ADC-8200-1C14F5627618}\RP3\A0000178.inf INF/Conficker worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\System Volume Information\_restore{B8C4B9F8-8B72-4CDF-9374-6FD4EC9AFC4F}\RP98\A0032258.EXE probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\mukke\older than 2009\Mix\reaktor_5_keygen.exe probably a variant of Win32/Agent.JKXAYGP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\mukke\older than 2009\Mukke NEU download\Neuer Ordner\Traktor DJ Studio 3\Traktor DJ Studio 3\dlm-nitv3kgn.rar probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\mukke\older than 2009\Mukke NEU download\Neuer Ordner\Traktor DJ Studio 3\Traktor DJ Studio 3\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Win32/Conficker.AA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Code:
ATTFilter OTL logfile created on: 16.08.2010 15:37:26 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\stock\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 14,65 Gb Total Space | 2,57 Gb Free Space | 17,53% Space Free | Partition Type: NTFS Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 10,04 Gb Total Space | 0,34 Gb Free Space | 3,39% Space Free | Partition Type: NTFS Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STOCK-52C3433DF Current User Name: stock Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.06.24 17:28:04 | 001,069,056 | ---- | M] (SRWare) -- D:\Programme\SRWare Iron\iron.exe PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- D:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.06.09 10:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.02.27 18:28:08 | 000,323,392 | ---- | M] (BitTorrent, Inc.) 
-- C:\Programme\DNA\btdna.exe PRC - [2009.12.19 18:40:04 | 000,532,480 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\WINDOWS\system32\bcd2kcpan.exe PRC - [2009.12.18 02:31:52 | 001,551,712 | ---- | M] (Nullsoft) -- D:\Programme\Winamp\winamp.exe PRC - [2009.12.18 02:30:48 | 000,039,424 | ---- | M] (Nullsoft) -- D:\Programme\Winamp\winampa.exe PRC - [2009.10.26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2009.10.26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2009.10.23 02:04:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe PRC - [2009.07.08 21:12:06 | 000,337,184 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe PRC - [2009.07.03 15:49:12 | 000,581,632 | ---- | M] (cherry-sms.de) -- C:\Programme\cherry-sms.com\cherry-sms_client.exe PRC - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.03.19 18:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2008.10.08 03:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) 
-- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2008.03.04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.10.02 11:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.05.30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.07.05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2005.02.18 08:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe PRC - [2005.02.18 08:03:38 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe PRC - [2005.02.18 08:02:24 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe PRC - [2004.11.08 12:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.10.14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
-- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (SafeList) ========== MOD - [2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe MOD - [2006.02.28 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2006.02.28 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004.11.08 12:17:50 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll ========== Win32 Services (SafeList) ========== SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.10.23 02:04:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2009.07.24 21:35:48 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5) SRV - [2009.06.29 14:51:00 | 000,039,976 | ---- | M] (Lenovo.) 
[On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.10.19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005.02.18 08:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005.02.18 08:03:38 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005.02.18 08:02:24 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005.01.25 14:35:34 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009.12.19 18:40:04 | 000,042,400 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCD2000.SYS -- (BCD2000)
DRV - [2009.12.19 18:40:04 | 000,021,632 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCD2000WDM.SYS -- (BCD2000WDM)
DRV - [2009.10.23 02:04:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009.09.29 17:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.24 14:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.06.29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.06.29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.10.19 09:37:56 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.10.19 09:37:56 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007.10.12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 03:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007.10.12 03:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.10.11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.10.06 01:07:20 | 000,133,760 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\echondgo.sys -- (echondgo)
DRV - [2007.03.09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006.09.26 15:13:00 | 000,014,848 | ---- | M] (Lenovo, Ltd. and IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2006.09.26 15:13:00 | 000,006,528 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2005.10.09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005.07.05 15:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005.02.14 09:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.11.08 12:12:48 | 000,177,504 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.10.15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004.08.04 00:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.07.01 12:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.16 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.16 15:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

[2010.07.16 15:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions
[2010.07.16 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions
[2010.01.20 15:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.02 01:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.10 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\DeviceDetection@logitech.com
[2010.08.14 15:44:31 | 000,000,958 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\searchplugins\icqplugin.xml

O1 HOSTS File: ([2010.08.16 10:06:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCD2000] C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{228EFE0D-4C82-56F5-24E4-D2A85FCAA466}] C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite\unqa.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Gemeinsame Dateien\PCTV Systems\RemoTerm\RemoTerm.exe File not found
O4 - HKCU..\Run: [Slevejabiv] C:\WINDOWS\utetbd32.DLL File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.19 16:18:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.23 15:01:48 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2006.08.08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2009.12.19 14:25:02 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{89a5acba-7975-11df-901b-0012f0eb6c5f}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.16 15:34:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe
[2010.08.16 12:22:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.16 12:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.08.16 12:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.16 12:16:27 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2010.08.16 12:16:26 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.08.16 12:16:23 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.08.16 12:16:23 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.08.16 12:16:08 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.08.16 12:16:05 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.08.16 12:16:05 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.08.16 12:16:05 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010.08.16 12:16:05 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.08.16 12:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010.08.16 12:16:02 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.08.16 12:15:16 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.08.16 12:15:16 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.08.16 12:15:16 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010.08.16 11:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.16 11:17:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.08.16 11:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.08.16 11:17:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.16 11:17:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.16 11:17:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.16 11:16:41 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.08.16 11:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.08.16 10:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.08.16 09:41:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.16 09:39:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.16 09:32:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.16 09:32:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.16 09:32:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.15 19:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.14 14:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.14 14:27:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.14 14:02:01 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.14 14:01:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.14 12:05:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.08.14 12:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.08.14 12:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.08.14 11:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\security tool
[2010.08.13 14:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com
[2010.08.13 14:33:19 | 000,000,000 | ---D | C] -- C:\Programme\cherry-sms.com
[2010.08.12 22:49:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\Bachelor
[2010.08.12 22:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\xxx
[2010.08.10 02:45:24 | 000,000,000 | ---D | C] -- C:\Programme\VodBurner
[2010.08.10 02:45:17 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\stock\Eigene Dateien\VodBurner
[2010.08.10 01:37:04 | 000,490,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010.08.10 01:37:03 | 001,279,000 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302V32.SYS
[2010.08.10 01:37:03 | 000,465,432 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010.08.10 01:37:03 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010.08.10 01:36:07 | 000,195,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1150.dll
[2010.08.10 01:36:07 | 000,041,752 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2010.08.10 01:36:07 | 000,013,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys
[2010.08.10 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\LogiShrd
[2010.08.05 13:35:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\stock\Recent
[2010.08.05 13:31:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.04 20:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Malwarebytes
[2010.08.04 20:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.04 20:46:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.04 20:46:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.04 18:01:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Personal
[2010.07.21 12:19:26 | 000,000,000 | ---D | C] -- C:\lucene
[2010.07.20 12:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe
[2010.08.16 12:18:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.08.16 12:17:01 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.16 12:16:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.08.16 12:14:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.16 12:14:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.16 12:14:40 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 12:13:33 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\stock\NTUSER.DAT
[2010.08.16 12:13:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\stock\ntuser.ini
[2010.08.16 11:16:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.16 11:16:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.16 11:16:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.16 10:06:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.16 10:06:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.16 09:39:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.16 08:51:27 | 000,363,520 | ---- | M] () -- C:\deinemudder.com
[2010.08.15 11:49:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.12 17:19:59 | 004,825,438 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3
[2010.08.11 14:50:09 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2010.08.10 13:13:19 | 000,011,776 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.08 11:22:27 | 001,042,312 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.08 11:22:27 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.08 11:22:27 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.08 11:22:27 | 000,080,500 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.08 11:22:27 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.05 17:01:35 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u
[2010.08.05 16:26:24 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u
[2010.08.05 15:00:52 | 016,137,511 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.16 12:16:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.08.16 12:16:02 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.16 11:13:14 | 1609,027,584 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.16 09:39:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.16 09:39:34 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.08.16 09:32:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.16 09:32:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.16 09:32:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.16 09:32:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.16 09:32:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.16 08:51:25 | 000,363,520 | ---- | C] () -- C:\deinemudder.com
[2010.08.12 17:18:25 | 004,825,438 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3
[2010.08.10 01:36:07 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.08.10 01:36:07 | 000,021,138 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010.08.05 17:01:34 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u
[2010.08.05 16:26:22 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u
[2010.08.03 20:48:06 | 016,137,511 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3
[2010.07.03 11:57:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.12.19 18:52:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009.12.19 17:37:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009.12.19 17:36:40 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009.12.19 16:29:55 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009.12.19 16:29:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007.09.06 02:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2006.02.28 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005.11.30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005.07.06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

========== LOP Check ==========

[2010.04.02 01:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.12.24 12:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2010.07.20 13:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems
[2010.03.07 23:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2010.04.23 14:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.05 00:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.03.29 01:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\.purple
[2010.06.03 13:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ASCOMP Software
[2010.08.13 14:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com
[2010.08.16 15:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\DNA
[2010.06.17 23:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\foobar2000
[2010.02.09 21:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\gtk-2.0
[2010.07.01 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ICQ
[2010.04.10 20:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Leadertech
[2010.08.14 11:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Lesiw
[2010.03.14 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Notepad++
[2010.01.11 21:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\OpenOffice.org
[2010.03.16 13:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Software4u
[2010.03.16 00:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Subversion
[2010.07.01 22:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\TeamViewer
[2010.07.16 15:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Thunderbird
[2010.08.14 13:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite
[2010.03.07 23:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\WindSolutions
[2010.02.15 19:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\xm1
[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 16.08.2010 15:37:26 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\stock\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,57 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10,04 Gb Total Space | 0,34 Gb Free Space | 3,39% Space Free | Partition Type: NTFS
Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOCK-52C3433DF
Current User Name: stock
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found
"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found
"C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Tomcat 5.5\bin\tomcat5.exe" = C:\Tomcat 5.5\bin\tomcat5.exe:*:Enabled:Service Runner -- (Apache Software Foundation)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3305E24F-1192-0424-8A25-39713FD92728}" = Skins
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French
"{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit)
"{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English
"{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility
"{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation
"{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish
"{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All
"{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall
"{E25E4542-4ACB-4062-9F34-9DFE136BCBF3}" = Now Playing Plugin for Windows Live Writer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"cherry-sms" = Cherry SMS Client
"Echo Indigo" = Echo Indigo
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.0
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"Notepad++" = Notepad++
"PokerStars" = PokerStars
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad-Präsentationsdirektor
"ProInst" = Intel(R) PROSet/Wireless Software
"Secure Eraser_is1" = Secure Eraser v3.1
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"TeamViewer 5" = TeamViewer 5
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24609

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24609

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26578

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26578

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 28734

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 28734

Error - 14.08.2010 13:52:12 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 86l99wpf.exe, Version 1.0.15.15281, fehlgeschlagenes Modul 86l99wpf.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.
Error - 15.08.2010 05:32:19 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes Modul iron.dll, Version 5.0.381.0, Fehleradresse 0x00482030.

[ System Events ]
Error - 16.08.2010 04:06:41 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.08.2010 04:07:55 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Fips intelppm TPHKDRV TPPWRIF TSMAPIP

Error - 16.08.2010 04:21:37 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 04:21:42 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 04:21:49 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.08.2010 05:12:09 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

Error - 16.08.2010 06:15:07 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126

Error - 16.08.2010 06:15:10 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

< End of report >

Edited by stockii (16.08.2010 at 14:39) Reason: otl code added |
16.08.2010, 14:33 | #21 |
/// Malwareteam | Security Tool cannot be deleted! Tried everything known. No further support possible Code:
TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE
It is no secret, and must be clear to everyone, that cracks and keygens essentially serve to plant malware and backdoors on computers. So all that remains for me is to recommend that you do without such software in future. With such software, support ends and is limited to the advice to reinstall the system. Once you have reinstalled the system, you are welcome to open a new thread. This thread is being closed. |
16.08.2010, 15:12 | #22 |
| Security Tool cannot be deleted! Tried everything known. oh come on .. !?!? that's an ancient crack on my external hard drive ... ^^ nothing I can do about that either .. |
17.08.2010, 11:36 | #23 | |
/// Malwareteam | Security Tool cannot be deleted! Tried everything known. Quote:
|
30.08.2010, 12:52 | #24 |
/// Malwareteam | Security Tool cannot be deleted! Tried everything known. This topic appears to be resolved and will be removed from the subscriptions. Should you need the topic again, please send me a PM. Everyone else, please start a thread of your own. |