Log analysis and evaluation: Trojan spying on passwords? Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.08.2010, 22:47 | #16 |
Trojan spying on passwords?
Code:
OTL logfile created on: 8/19/2010 12:26:39 AM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895.00 Mb Total Physical Memory | 661.00 Mb Available Physical Memory | 74.00% Memory free
807.00 Mb Paging File | 695.00 Mb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54.83 Gb Total Space | 15.04 Gb Free Space | 27.44% Space Free | Partition Type: FAT32
Drive D: | 36.45 Gb Total Space | 28.92 Gb Free Space | 79.35% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010/08/16 16:12:46 | 001,355,416 | ---- | M] (Lavasoft) [On_Demand] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2008/10/24 12:23:34 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008/10/24 12:23:30 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008/10/01 13:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/09/04 15:52:00 | 000,054,784 | ---- | M] (Macrovision) [Auto] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device) SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService) SRV - [2007/02/22 10:38:30 | 000,028,672 | ---- | M] (Dueteoch Ltd) [Auto] -- C:\WINDOWS\Provisioning\services.exe -- (Wireless Location) SRV - [2007/02/22 10:31:30 | 000,557,182 | ---- | M] (Fieldriemn) [Auto] -- C:\WINDOWS\system32\netcall5.exe -- (Network Managing) SRV - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006/03/28 17:11:56 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS) SRV - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto] -- 
C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only) SRV - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006/03/20 16:40:10 | 000,304,640 | ---- | M] (XIMETA, Inc.) [Auto] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc) SRV - [2005/12/12 09:55:00 | 000,656,384 | ---- | M] (ITE Tech. Inc.) [Auto] -- C:\WINDOWS\system32\RemoteControlService.exe -- (ITECIRService) SRV - [2005/03/04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005/03/04 11:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- C:\DOKUME~1\TOMMY~1.THO\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2010/08/16 16:12:56 | 000,015,008 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/07/12 10:55:40 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2009/05/27 20:23:38 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/05/27 20:23:30 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009/05/27 20:23:28 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2009/05/12 15:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FlashUsb.sys -- (FlashUSB) DRV - [2008/11/06 17:37:30 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2008/11/06 17:37:28 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2008/09/04 15:51:56 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA) DRV - [2008/07/09 14:49:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700) DRV - [2008/04/18 22:49:38 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2007/11/01 14:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/10/19 15:32:58 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC) DRV - [2007/02/24 07:27:38 | 000,019,944 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SIVX32.sys -- (SIVDRIVER) DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006/11/28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006/09/08 01:53:30 | 000,071,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2006/05/09 23:27:00 | 000,043,520 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/04/28 23:53:20 | 000,056,792 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw99rc.sys -- (hcw99rc) DRV - [2006/04/26 22:48:00 | 003,659,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006/04/09 09:54:28 | 000,471,264 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2006/04/06 17:21:08 | 000,118,850 | R--- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw70bda.sys -- (HCW77BDA) DRV - [2006/03/23 17:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2006/03/23 17:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) DRV - [2006/03/23 17:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2006/03/23 17:00:28 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2006/03/20 16:40:52 | 000,140,160 | ---- | M] (XIMETA, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt) DRV - [2006/03/20 16:39:58 | 000,059,136 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus) DRV - [2006/03/20 16:39:58 | 000,044,288 | ---- | M] (XIMETA, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx) DRV - [2006/03/06 16:49:36 | 000,011,136 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2005/10/21 02:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/10/03 10:26:36 | 000,720,470 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini) DRV - [2005/10/03 10:26:14 | 000,008,278 | ---- | M] (Syntek America Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan) DRV - [2005/09/29 22:34:10 | 000,310,016 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/09/16 23:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/09/14 00:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005/08/22 04:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/08/22 04:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/08/22 04:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/03/03 22:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005/02/17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/05/27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [2004/04/22 15:03:02 | 000,007,366 | ---- | M] (IET Tech. Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ITECIR.sys -- (ITECIR) DRV - [2004/03/24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5) DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\Tommy.THOMAS_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Tommy.THOMAS_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Tommy.THOMAS_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/ IE - HKU\Tommy.THOMAS_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tommy.THOMAS_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Ute_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Ute_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Ute_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Ute_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.sparkasse-uelzen-luechow-dannenberg.de/inner.php?IFLBSERVERID=IF@@051@@IF IE - HKU\Ute_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Ute_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008/02/07 17:18:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008/02/07 17:18:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Programme\Netscape\Netscape\Components [2007/06/13 13:13:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Programme\Netscape\Netscape\Plugins [2007/06/13 13:13:08 | 000,000,000 | ---D | M] [2008/02/07 17:18:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/05/29 06:54:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008/02/07 17:18:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2008/02/07 17:18:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2009/02/10 18:52:32 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2009/02/10 18:52:32 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2009/02/10 18:52:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2009/02/10 18:52:32 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2009/02/10 18:52:32 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2007/11/20 16:52:00 
| 002,884,992 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2010/05/29 06:53:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009/02/10 18:52:40 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009/02/10 18:52:40 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009/02/10 18:52:40 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009/02/10 18:52:40 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKU\Tommy.THOMAS_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\Tommy.THOMAS_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\Tommy.THOMAS_ON_C\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKU\Ute_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\Ute_ON_C\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKU\Ute_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Ute_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [ACU] C:\Programme\ASUS WLAN Adapter\ACU.exe (Atheros Communications, Inc.) 
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100) O4 - HKLM..\Run: [bonjour1] C:\WINDOWS\System32\ftpcommander.exe File not found O4 - HKLM..\Run: [ftpcommander1] C:\WINDOWS\system32\winrar.exe ( ) O4 - HKLM..\Run: [GUpdate] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WebAuto3\Refresh.exe (Gamblock Pty Ltd) O4 - HKLM..\Run: [iespell1] C:\WINDOWS\System32\bonjour.exe File not found O4 - HKLM..\Run: [lexmarkfaxsolutions1] C:\WINDOWS\System32\iespell.exe File not found O4 - HKLM..\Run: [lxdiamon] C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe () O4 - HKLM..\Run: [lxdimon.exe] C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe () O4 - HKLM..\Run: [microsoftmoney1] C:\WINDOWS\system32\microsoftmoney.exe ( ) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [winrar1] C:\WINDOWS\system32\winrar.exe ( ) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe () O4 - HKU\Tommy.THOMAS_ON_C..\Run: [PhotoShow Deluxe Media Manager] C:\Programme\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software) O4 - HKU\Tommy.THOMAS_ON_C..\Run: [Uniblue RegistryBooster 2] C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe (Uniblue Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Streaming Server.lnk = C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Tommy.THOMAS_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Tommy.THOMAS_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Ute_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ieSpell - 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programme\ieSpell\iespell.dll (Red Egg Software) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} https://w3s.webmoney.ru/WMAcceptor.dll (AcceptWM Class) O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} hxxp://www.webcamcancun.com/WinWebPush.cab (WebWatch Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://200.79.225.92:8080/activex/AMC.cab (Reg Error: Key error.) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/29 00:26:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/08/18 22:50:16 | 126,853,622 | ---- | C] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\OTLPENet.exe [2010/08/18 21:44:20 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\OTH.scr [2010/08/18 20:49:00 | 000,000,000 | --SD | C] -- C:\Combo-Fix [2010/08/18 19:38:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/08/18 19:36:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/08/18 19:36:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/08/18 19:36:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/08/18 19:36:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/08/18 19:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/08/18 19:35:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/08/17 
15:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Malwarebytes [2010/08/17 15:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/08/17 15:45:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/08/17 15:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/08/17 14:51:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Scann.exe [2010/08/17 07:58:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010/08/16 16:12:58 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/08/16 12:41:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Desktop [2010/08/16 12:29:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/08/16 12:28:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2010/08/05 00:32:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\vlc [2010/08/05 00:31:29 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010/08/01 19:52:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Logo [2010/08/01 13:45:54 | 000,000,000 | -HSD | C] -- C:\FOUND.001 [2010/08/01 01:02:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\reise london [2010/07/30 19:10:00 | 000,000,000 | -HSD | C] -- C:\FOUND.000 [2010/07/30 18:55:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\TowerGaming.com [2010/07/30 18:55:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\TowerGaming.com [2010/07/30 17:53:02 | 000,000,000 | ---D | C] -- C:\Towergaming [2010/07/30 17:37:28 | 000,000,000 | 
---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Lokale Einstellungen\Anwendungsdaten\TowerGaming.com [2010/07/30 17:37:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\TowerGaming.com [2010/07/30 17:36:34 | 000,000,000 | ---D | C] -- C:\Programme\Tower Gaming [2010/07/29 09:54:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ute\PrivacIE [2010/07/29 09:54:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ute\IETldCache [2010/07/29 09:53:38 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\PrivacIE [2010/07/29 09:53:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\IETldCache [2010/07/29 09:42:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/07/29 09:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2007/09/20 18:42:12 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll [2007/09/20 18:42:11 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll [2007/09/20 18:42:11 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll [2007/09/20 18:42:11 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll [2007/09/20 18:42:11 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll [2007/09/20 18:42:11 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll [2007/09/20 18:42:11 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll [2007/09/20 18:42:11 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll [2007/09/20 18:42:11 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll [2007/09/20 18:42:11 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll [2007/09/20 18:42:10 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll [2007/09/20 18:42:10 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> 
C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/08/18 22:59:04 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT [2010/08/18 22:59:04 | 000,245,760 | ---- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT [2010/08/18 22:58:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/18 22:58:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/18 22:57:16 | 005,767,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\ntuser.dat [2010/08/18 22:57:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\ntuser.ini [2010/08/18 22:50:18 | 126,853,622 | ---- | M] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\OTLPENet.exe [2010/08/18 22:36:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/08/18 21:51:12 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/08/18 21:50:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/08/18 21:50:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/08/18 21:44:24 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\OTH.scr [2010/08/18 20:47:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/08/18 20:29:24 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk [2010/08/18 19:39:02 | 000,000,281 | -HS- | M] () -- C:\boot.ini [2010/08/18 19:33:00 | 003,819,088 | R--- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Combo-Fix.exe [2010/08/18 18:01:04 | 000,037,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\ombudsmann.wps [2010/08/18 00:10:38 | 002,842,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Ute\ntuser.dat [2010/08/18 
00:09:22 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Ute\ntuser.ini [2010/08/17 21:56:08 | 000,017,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Ausgabentabelle.ods [2010/08/17 14:49:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Scann.exe [2010/08/17 07:58:50 | 000,001,602 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\HijackThis.lnk [2010/08/16 16:12:58 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/08/16 12:27:58 | 000,000,769 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2010/08/14 08:09:14 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2010neu.xlr [2010/08/14 08:09:10 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2011neu.xlr [2010/08/14 08:09:08 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2012neu.xlr [2010/08/13 14:26:08 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/13 07:02:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/08/13 07:00:52 | 001,000,430 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/13 07:00:52 | 000,449,966 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010/08/13 07:00:52 | 000,433,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/13 07:00:52 | 000,080,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010/08/13 07:00:52 | 000,068,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/10 17:55:44 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/08/10 17:55:36 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/08 16:03:32 | 000,011,670 | ---- | 
M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\.recently-used.xbel [2010/08/08 16:02:56 | 000,019,965 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Count_Dracula_Christopher_Lee.jpg [2010/08/05 00:28:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\default.pls [2010/08/04 21:26:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/08/04 17:53:46 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2013.xlr [2010/08/04 17:53:40 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2014.xlr [2010/08/04 17:53:36 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2016.xlr [2010/08/04 17:53:16 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\2015.xlr [2010/08/02 15:58:54 | 000,559,158 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\02.08.2010 15;58;53.jpg [2010/08/02 15:57:50 | 000,601,220 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\02.08.2010 15;57;50.jpg [2010/07/29 09:54:46 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\Ute\Desktop\NSSstub.lnk [2010/07/29 09:54:46 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk [2010/07/27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010/07/27 08:27:16 | 000,014,588 | ---- | M] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\Erwerbsminderugsrente__ Cröhnchen-Klub Forum.mht [2010/07/24 05:58:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/23 14:54:26 | 000,179,276 | -H-- | M] () -- C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010/07/23 14:53:48 | 000,260,564 | -H-- | M] () 
-- C:\Dokumente und Einstellungen\Tommy.THOMAS\Lokale Einstellungen\Anwendungsdaten\IconCache.db [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/18 19:39:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/08/18 19:38:59 | 000,262,448 | ---- | C] () -- C:\cmldr [2010/08/18 19:36:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/08/18 19:36:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/08/18 19:36:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/08/18 19:36:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/08/18 19:36:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/08/18 19:32:49 | 003,819,088 | R--- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Combo-Fix.exe [2010/08/18 17:39:57 | 000,037,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\ombudsmann.wps [2010/08/17 07:58:49 | 000,001,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\HijackThis.lnk [2010/08/16 12:49:59 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/08/16 12:30:41 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/08/16 12:27:57 | 000,000,769 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2010/08/12 19:25:58 | 000,001,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Microsoft Works-Tabellenkalkulation.lnk [2010/08/08 16:03:30 | 000,011,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\.recently-used.xbel [2010/08/08 16:03:15 | 000,019,965 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\Count_Dracula_Christopher_Lee.jpg [2010/08/02 15:58:56 | 000,559,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\02.08.2010 
15;58;53.jpg [2010/08/02 15:57:54 | 000,601,220 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Desktop\02.08.2010 15;57;50.jpg [2010/07/29 13:06:45 | 005,767,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\ntuser.dat [2010/07/29 13:06:45 | 002,842,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\ntuser.dat [2010/07/29 09:54:44 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Desktop\NSSstub.lnk [2010/07/29 09:39:43 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\NSSstub.job [2010/07/27 08:27:10 | 000,014,588 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Eigene Dateien\Erwerbsminderugsrente__ Cröhnchen-Klub Forum.mht [2010/03/21 16:13:40 | 000,011,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/14 23:16:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini [2010/02/05 14:03:16 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\$_hpcst$.hpc [2010/01/19 17:32:59 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\$_hpcst$.hpc [2010/01/18 11:33:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/01/18 11:33:55 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2009/10/05 12:37:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2009/10/05 12:37:20 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2009/08/03 12:13:49 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2009/08/03 12:13:49 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2009/08/03 12:13:49 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2009/08/03 12:13:49 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2009/08/03 12:13:49 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2009/05/26 14:45:03 | 000,044,544 | ---- | C] () 
-- C:\WINDOWS\System32\Gif89.dll [2008/12/28 12:50:54 | 000,000,470 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\guns [2008/12/28 11:42:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\cddabase.ini [2008/11/26 15:04:38 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/08/02 22:59:08 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini [2008/02/26 17:19:10 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2008/01/30 22:00:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\lfplt11n.dll [2008/01/30 22:00:16 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2008/01/30 22:00:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2008/01/30 21:58:50 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Missing.ini [2008/01/17 13:09:09 | 000,000,825 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\.plugin141_02.trace [2007/11/11 05:56:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007/09/25 18:39:56 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\LuResult.txt [2007/09/20 18:43:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll [2007/09/20 18:43:07 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll [2007/09/20 18:42:49 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll [2007/09/20 18:42:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll [2007/09/20 18:42:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll [2007/09/20 18:42:12 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll [2007/09/20 18:42:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll [2007/08/23 18:10:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL [2007/06/17 23:23:02 | 000,000,209 | ---- | C] () 
-- C:\Dokumente und Einstellungen\Tommy.THOMAS\default.pls [2007/04/11 15:30:59 | 000,003,282 | ---- | C] () -- C:\WINDOWS\tm.ini [2007/02/07 23:55:11 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/02/04 22:10:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007/01/13 22:30:49 | 000,000,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\wklnhst.dat [2006/11/28 08:44:46 | 000,033,807 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2006/11/28 08:44:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2006/11/28 08:44:04 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/11/28 08:44:03 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2006/11/28 08:43:19 | 000,010,344 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2006/11/28 08:40:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2006/11/25 13:30:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2006/11/22 23:52:00 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/11/22 23:39:06 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/11/22 23:34:45 | 000,024,844 | ---- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\wklnhst.dat [2006/11/22 20:30:57 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ute\ntuser.dat.LOG [2006/11/22 20:30:57 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Ute\ntuser.ini [2006/11/22 19:58:33 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\ntuser.dat.LOG [2006/11/22 19:58:33 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Tommy.THOMAS\ntuser.ini [2006/08/29 01:29:49 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT [2006/08/29 01:29:48 | 000,245,760 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT 
[2006/08/29 00:54:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2006/08/29 00:30:03 | 000,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/08/29 00:29:49 | 000,090,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG [2006/08/29 00:29:49 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini [2006/08/29 00:29:48 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG [2006/08/29 00:29:48 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini [2006/08/28 18:58:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/04/26 22:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/04/26 22:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/04/26 22:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/04/26 22:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/04/26 22:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/05/06 06:06:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2005/02/17 10:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004/10/11 12:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004/09/07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004/09/07 16:34:59 | 000,002,524 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/05/16 14:05:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\CddbLangIT.dll [2002/05/10 10:58:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\CddbLangFR.dll ========== LOP Check ========== [2008/03/04 10:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\FRITZ! 
[2006/11/22 20:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Opera [2006/11/22 23:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Simple Star [2006/11/22 23:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Snapfish [2006/11/22 23:35:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Template [2008/03/04 11:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2008/03/19 16:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Microgaming [2008/07/29 14:53:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Uniblue [2008/07/29 15:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\System Tweaker [2008/08/06 23:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Betfair [2010/05/04 21:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\UB [2008/11/08 13:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\OpenOffice.org [2008/11/26 17:50:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\TrojanHunter [2008/12/15 19:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\PacificPoker [2009/01/25 23:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\KaLoMa [2009/08/11 14:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\TomTom [2009/12/25 08:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\LG Electronics [2010/01/21 12:47:38 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Tommy.THOMAS\Anwendungsdaten\elsterformular [2010/02/28 16:46:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\TuneUp Software [2010/05/22 17:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\gtk-2.0 [2010/07/30 17:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\TowerGaming.com [2006/12/10 13:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\DeepBurner [2006/12/10 14:23:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Pegasys Inc [2006/12/25 21:38:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Mp3tag [2007/01/29 07:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\ieSpell [2007/08/23 19:02:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Lexmark Productivity Studio [2007/10/28 22:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\POPFile [2007/12/04 17:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Orbit [2007/12/13 13:17:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\MSNInstaller [2008/02/21 22:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tommy.THOMAS\Anwendungsdaten\Leadertech [2010/04/02 10:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\FRITZ! [2007/01/13 22:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\Template [2008/08/28 21:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\FRITZ! 
[2009/09/24 18:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\OpenOffice.org [2010/01/29 10:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\elsterformular [2010/02/28 21:36:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\TuneUp Software [2010/07/30 18:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\TowerGaming.com [2009/08/03 12:09:06 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job [2010/08/18 20:47:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 8/19/2010 12:26:39 AM - Run OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895.00 Mb Total Physical Memory | 661.00 Mb Available Physical Memory | 74.00% Memory free 807.00 Mb Paging File | 695.00 Mb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 54.83 Gb Total Space | 15.04 Gb Free Space | 27.44% Space Free | Partition Type: FAT32 Drive D: | 36.45 Gb Total Space | 28.92 Gb Free Space | 79.35% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet003 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Lexmark 3500-4500 Series\app4r.exe" = C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- () [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Lexmark 3500-4500 Series\LXDIAMON.EXE" = 
C:\Programme\Lexmark 3500-4500 Series\LXDIAMON.EXE:*:Disabled:Device Monitor Application -- () "C:\Programme\Lexmark 3500-4500 Series\LXDIMON.EXE" = C:\Programme\Lexmark 3500-4500 Series\LXDIMON.EXE:*:Disabled:Device Monitor -- () "C:\Programme\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe" = C:\Programme\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:*:Enabled: -- () "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "C:\Programme\Lexmark 3500-4500 Series\App4R.exe" = C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application -- () "C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdiPSWX.EXE" = C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdiPSWX.EXE:*:Enabled:Printer Status Window Interface -- () "C:\Programme\SmartFTP Client\SmartFTP.exe" = C:\Programme\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.) "C:\WINDOWS\System32\lxdiih.exe" = C:\WINDOWS\System32\lxdiih.exe:*:Enabled:Printer Communication System -- ( ) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- () "C:\Programme\FRITZ!fax\FriFax32.exe" = C:\Programme\FRITZ!fax\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin) "F:\Programme\PuzzleOnline\PuzzleOnline.exe" = F:\Programme\PuzzleOnline\PuzzleOnline.exe:*:Disabled:PuzzleOnline -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe" = C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server -- (Avid Development GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS VideoSecurity Online "{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = ASUS Client Installation Program "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5E0C9350-250A-45B1-B77A-C18F27E256FE}" = Roxio WinOnCD 6 Power Edition "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual 
C++ 2005 Redistributable "{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support "{A12A36D3-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1327 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{BCA09E3E-34A6-4444-BE77-F4FBD0F26188}" = TMPGEnc 4.0 XPress Testversion "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II 
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Ad-Aware" = Ad-Aware "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Asus_A_Series_ScreenSaver" = Asus_A_Series_ScreenSaver "AVMFBox" = FRITZ!Box "Backgammon!" = Backgammon! 
"CdaC13Ba" = SafeCast Shared Components "DATA BECKER - 3.333 Bewerbungen" = DATA BECKER - 3.333 Bewerbungen "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular 11.1.0 11.1.0.***unknown variable buildnummer***" = ElsterFormular 11.1.0 "FLVPlayer" = FLV Player 1.3.3 "FRITZ!DSL" = AVM FRITZ!DSL "FRITZ!fax" = AVM FRITZ!fax "FTP Commander" = FTP Commander "Generic USB Card Reader Driver" = Generic USB Card Reader Driver v2.2f "getPlus(R)_ocx" = getPlus(R)_ocx "Google Chrome" = Google Chrome "HControl" = ATK0100 ACPI UTILITY "HijackThis" = HijackThis 2.0.2 "hsv_screensaver_07-2008.scr" = hsv_screensaver_07-2008 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "ieSpell" = ieSpell "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS VideoSecurity Online "Java Web Start" = Java Web Start "KaloMa_is1" = KaloMa 5.00alpha20080914 "Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaShow" = Medi@Show "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSMONEYV70" = Microsoft Money 99 "MSNINST" = MSN "Nero PhotoShow Express" = Nero PhotoShow Express "NeroMultiInstaller!UninstallKey" = Nero Suite "Netscape (7.1)" = Netscape (7.1) "Network Stumbler" = Network Stumbler 0.4.0 (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Phototool 1.8" = Phototool 1.8 "RegistryBooster 2_is1" = Uniblue RegistryBooster 2 "Screen Clean Screensaver" = Screen Clean Screensaver "Security Task Manager" = Security Task Manager 1.7h "SmartFTP Client 2.5 Setup Files" 
= SmartFTP Client 2.5 Setup Files (remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "System Tweaker_is1" = Uniblue System Tweaker "SystemRequirementsLab" = System Requirements Lab "Tower Gaming_is1" = Tower Gaming "TrojanHunter_is1" = TrojanHunter 5.0 "TVgenial" = TVgenial "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only) "Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten "VLC media player" = VLC media player 1.1.2 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Tommy.THOMAS_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Ute_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer < End of report > LocalService |
19.08.2010, 06:56 | #17 |
/// Malwareteam | Trojan spying on passwords? Very good. An interim success.
__________________ I will take a look at the logs this evening. |
19.08.2010, 07:34 | #18 |
| Trojan spying on passwords? OK, I will be home this evening. Thank you very much for your effort.
__________________ |
19.08.2010, 20:08 | #19 |
/// Malwareteam | Trojan spying on passwords? Step 1 Uninstall programs. Since some programs and anti-spyware programs may hinder us during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Add or Remove Programs (Systemsteuerung => Software). Code:
iespell
Step 2 You have to do this step via OTLPE again, the same way you created the log. Fix with OTL
Code:
:OTL
O4 - HKLM..\Run: [bonjour1] C:\WINDOWS\System32\ftpcommander.exe File not found
O4 - HKLM..\Run: [ftpcommander1] C:\WINDOWS\system32\winrar.exe ( )
O4 - HKLM..\Run: [iespell1] C:\WINDOWS\System32\bonjour.exe File not found
O4 - HKLM..\Run: [lexmarkfaxsolutions1] C:\WINDOWS\System32\iespell.exe File not found
O4 - HKLM..\Run: [microsoftmoney1] C:\WINDOWS\system32\microsoftmoney.exe ( )
O4 - HKLM..\Run: [GUpdate] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WebAuto3\Refresh.exe (Gamblock Pty Ltd)
O4 - HKLM..\Run: [winrar1] C:\WINDOWS\system32\winrar.exe ( )
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programme\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programme\ieSpell\iespell.dll (Red Egg Software)
:Commands
[purity]
[emptytemp]
Step 3 Rootkit scan with Gmer. What are rootkits? Important: for every rootkit scan, the following should apply:
Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
Now post the log file in code tags. Step 4 Please post C:\ComboFix.txt for me. Last edited by Swisstreasure (19.08.2010 at 20:25) |
19.08.2010, 20:58 | #20 |
| Trojan spying on passwords? Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:29 on 19/08/2010 (Tommy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-19 22:44:05 Windows 5.1.2600 Service Pack 3 Running: pe8cd2gb.exe; Driver: C:\DOKUME~1\TOMMY~1.THO\LOKALE~1\Temp\uwtdipoc.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750C87E] SSDT F7AFEA04 ZwCreateThread SSDT F7AFE9F0 ZwOpenProcess SSDT F7AFE9F5 ZwOpenThread SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF750CBFE] SSDT F7AFE9FF ZwTerminateProcess SSDT F7AFE9FA ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504554 4 Bytes JMP 6646F7AF .text ntkrnlpa.exe!ZwCallbackReturn + 2DCC 80504668 4 Bytes JMP 57573E1C .text ntkrnlpa.exe!ZwCallbackReturn + 2DE4 80504680 4 Bytes JMP 57753E34 .text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 4 Bytes JMP ABCD4038 .text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 4 Bytes JMP CB594088 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6DEB360, 0x2217AD, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ----
1. I unchecked the ADS box, since it was not listed in your description.
2. After the scan I shut the computer down, since restarting does not work (due to an overvoltage on the mainboard). |
19.08.2010, 21:00 | #21 |
/// Malwareteam | Trojan spying on passwords? Did you also do step 1? |
19.08.2010, 21:03 | #22 |
| Trojan spying on passwords? Oh sorry, I completely overlooked that and started right away with the rootkit scan. Should I start over from the beginning with step 1? |
19.08.2010, 21:08 | #23 |
/// Malwareteam | Trojan spying on passwords? Just do step 1 now. |
19.08.2010, 21:15 | #24 |
| Trojan spying on passwords? OK, I have done step 1; iespell was uninstalled. Question: if I should now continue with step 2, can I use the Reatogo CD that I created yesterday? 2. The text to be selected that I am supposed to paste in: will it be there when OTLPE runs? Or do I have to copy it from the thread beforehand? |
19.08.2010, 21:21 | #25 | |
/// Malwareteam | Trojan spying on passwords? Yes, you have to boot from the same CD again and then simply paste in this text: Quote:
|
19.08.2010, 21:27 | #26 |
| Trojan spying on passwords? So should I now run OTLPE again and create a CD, or should I use the CD that I already created yesterday the first time I ran OTLPE? How am I supposed to paste in the text, since I have no internet connection when I start Reatogo and therefore cannot get into my thread to copy your text? |
20.08.2010, 00:17 | #27 |
| Trojan spying on passwords? I have now carried out step 2; the files you specified were fixed. After that I could no longer restart my PC; every time, it logged off again immediately. After 2 hours of trial and error I managed, just before it shut down again, to quickly call up System Restore, and after that I could boot the PC normally again. That really made me break out in a sweat; I was close to reinstalling Windows. I think this is all connected to GamBlock: if you delete certain files there, the PC shuts down immediately. Do you think it still makes sense to keep trying? I am posting here once more the text document from after running OTLPE; after that, nothing worked on the PC any more. Code:
ATTFilter ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bonjour1 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ftpcommander1 deleted successfully. C:\WINDOWS\system32\winrar.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iespell1 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lexmarkfaxsolutions1 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\microsoftmoney1 deleted successfully. C:\WINDOWS\system32\microsoftmoney.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GUpdate deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WebAuto3\Refresh.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winrar1 deleted successfully. File C:\WINDOWS\system32\winrar.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found. File C:\Programme\ieSpell\iespell.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found. File C:\Programme\ieSpell\iespell.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ not found. File C:\Programme\ieSpell\iespell.dll not found. 
========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 93844944 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 75 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 27992589 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Tommy ->Temp folder emptied: 18072468 bytes ->Temporary Internet Files folder emptied: 2565067 bytes ->Flash cache emptied: 268 bytes User: Tommy.THOMAS ->Temp folder emptied: 2827404 bytes ->Temporary Internet Files folder emptied: 256082652 bytes ->Java cache emptied: 40983121 bytes ->FireFox cache emptied: 16190210 bytes ->Google Chrome cache emptied: 105444553 bytes ->Flash cache emptied: 86170 bytes User: Ute ->Temp folder emptied: 123179815 bytes ->Temporary Internet Files folder emptied: 254127367 bytes ->Java cache emptied: 2746593 bytes ->FireFox cache emptied: 5059969 bytes ->Google Chrome cache emptied: 6341430 bytes ->Flash cache emptied: 35281 bytes User: TOMMY~1~THO %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2713024 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 33432 bytes Total Files Cleaned = 914.00 mb OTLPE by OldTimer - Version 3.1.40.0 log created on 08202010_023408 |
20.08.2010, 07:40 | #28 |
/// Malwareteam | Trojan spying on passwords? Yes, unfortunately I see it exactly the same way. Anything else would be tinkering. This way you will be happy again afterwards and on the safe side. |
20.08.2010, 08:17 | #29 |
| Trojan spying on passwords? So should I do nothing more now, or is the PC so infected that I had better format the hard disk and then reinstall Windows? |
20.08.2010, 22:03 | #30 |
/// Malwareteam | Trojan spying on passwords? Follow these instructions and set the machine up from scratch. |