| |
| |||||||
Log-Analyse und Auswertung: Malware, Trojaner?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.08.2010, 22:38
| #1 |
 |  Malware, Trojaner? Seit kurzem öffnet sich bei mit immer der internet explorer und ich wollte fragen ob ihr da was herauslesen könnt und wenn ja was ich dagegen tun soll. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:36:04, on 28.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Explorer.EXE C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe C:\Programme\Browser MOUSE\mouse32a.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\MSI\LAN Utility\DiagAP8169.exe C:\Programme\VIA\RAID\raid_tool.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Pando Networks\Media Booster\PMB.exe C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE C:\Programme\Avira\AntiVir Desktop\avnotify.exe C:\DOKUME~1\XXXL~1\LOKALE~1\Temp\Bvc.exe C:\WINDOWS\Bxebya.exe C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wwX.plusnetwork.com R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing) O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169 /hw O4 - HKLM\..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOKUME~1\XXXXL~1\LOKALE~1\Temp\Bvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe O4 - Global Startup: Windows Live Messenger .lnk = C:\Programme\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 8646 bytes |
|
28.08.2010, 22:41
| #2 |
  | Malware, Trojaner? Hi,
__________________lass die beiden mal bei virustotal scannen und poste das Ergebnis: C:\DOKUME~1\XXXL~1\LOKALE~1\Temp\Bvc.exe C:\WINDOWS\Bxebya.exe Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris Für mich: O4 - HKLM\..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe O4 - HKCU\..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe
__________________ |
|
28.08.2010, 22:52
| #3 |
| | Malware, Trojaner? Was soll ich bei dem Virustotal hier posten, er schreibt mir nur eine Liste von Antiviren, die Version und dem letzten update raus
__________________ |
|
28.08.2010, 22:54
| #4 |
| | Malware, Trojaner? Hier mal das von Olt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.08.2010 23:42:58 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 1,64 Gb Free Space | 8,39% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project) PRC - C:\WINDOWS\Bxebya.exe (OpenSC Project) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\system32\UAService.exe () PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Browser MOUSE\mouse32a.exe () PRC - C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) PRC - C:\Programme\MSI\LAN Utility\DiagAP8169.exe () PRC - C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\server.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\VBI_Server2.exe (PRIVAT) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\quartz.dll (Microsoft Corporation) MOD - C:\Programme\Browser MOUSE\mouDL32A.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe () SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdminSVCff) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found DRV - (XDva306) -- C:\WINDOWS\System32\XDva306.sys File not found DRV - (HWIONT) -- C:\Programme\MoreTV.353\HWIONT.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (SSHDRV82) -- C:\WINDOWS\system32\drivers\SSHDRV82.sys () DRV - (sony_ssm.sys) -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\sony_ssm.sys (Sony DADC Austria AG.) DRV - (litsgt) -- C:\WINDOWS\system32\drivers\litsgt.sys () DRV - (tansgt) -- C:\WINDOWS\system32\drivers\tansgt.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows (R) 2000 DDK provider) DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation) DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (cportclm) -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\cportclm.sys () DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (pctvNT) -- C:\WINDOWS\system32\drivers\pctvw2k.sys (Pinnacle Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Plus! IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3 FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.5 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox 3.6 Beta 4\components [2010.08.27 20:54:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.6 Beta 4\plugins [2010.08.27 20:54:07 | 000,000,000 | ---D | M] [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.08.28 22:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions [2010.04.27 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.20 14:30:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.04.27 20:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\beamgeraet@web.de [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\youtube2mp3@mondayx.de [2010.01.24 20:25:10 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\searchplugins\ask.uk.xml [2009.12.15 17:34:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.10.02 21:24:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe () O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lukas L\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKCU\..Trusted Domains: localhost ([]* in Lokales Intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 16:42:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.14 08:49:42 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell - "" = AutoRun O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.28 23:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.28 23:43:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.28 23:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.28 23:42:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:41:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.15 00:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Carambis [2010.08.14 23:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\BattleForge [2010.08.14 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.14 23:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.08.14 23:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.08 21:09:01 | 000,000,000 | ---D | C] -- C:\Programme\DuckLife_at [2010.08.01 11:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.01 11:35:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.01 11:34:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 11:34:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.30 20:29:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.28 23:48:17 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.28 23:43:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:42:43 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:40:02 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 23:34:43 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.28 23:09:19 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\NTUSER.DAT [2010.08.28 23:00:37 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.28 23:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job [2010.08.28 21:16:39 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.28 21:15:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.28 21:15:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.28 21:15:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.27 23:15:42 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lukas L\ntuser.ini [2010.08.26 13:16:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.08.25 15:26:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.24 17:30:12 | 000,203,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:28:10 | 070,017,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | M] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:04:46 | 049,877,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.12 22:59:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 00:18:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 00:16:21 | 001,032,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 00:16:21 | 000,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 00:16:21 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 00:16:21 | 000,085,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 00:16:21 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.10 00:05:00 | 004,286,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.08 21:19:18 | 000,001,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.07.31 11:06:35 | 000,010,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Neu Microsoft Office Word-Dokument.docx [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.28 23:43:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:34:43 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:00:51 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 23:00:39 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.24 17:30:07 | 000,203,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:14:13 | 070,017,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:01:58 | 049,877,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.08 21:19:18 | 000,001,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.05.20 17:44:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\$_hpcst$.hpc [2010.04.02 15:51:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\PCTV.ini [2010.04.02 15:51:53 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2010.04.02 15:51:53 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2010.04.02 15:51:53 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2010.04.02 15:51:53 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2010.04.02 15:51:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2010.04.02 15:51:50 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI [2010.04.02 15:51:44 | 000,029,408 | ---- | C] () -- C:\WINDOWS\System32\Mcipctv.dll [2010.04.02 14:40:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.04.02 14:40:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2010.03.09 18:27:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.22 08:44:46 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys [2009.10.22 08:44:09 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.09.26 12:42:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2009.09.26 11:23:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.09.26 11:23:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.09.26 11:23:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.09.17 16:09:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\game.ini [2009.09.13 13:10:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.08.24 11:05:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.08.14 09:02:47 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys [2009.08.14 09:02:47 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys [2009.08.13 19:54:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2007.01.12 17:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2001.08.23 14:00:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini und OTL Extras logfile created on: 28.08.2010 23:42:58 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 1,64 Gb Free Space | 8,39% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "57764:TCP" = 57764:TCP:*:Enabled:Pando Media Booster "57764:UDP" = 57764:UDP:*:Enabled:Pando Media Booster "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher "56897:TCP" = 56897:TCP:*:Enabled:Pando Media Booster "56897:UDP" = 56897:UDP:*:Enabled:Pando Media Booster "1890:TCP" = 1890:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\Spiele\DoW\W40k.exe" = D:\Spiele\DoW\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.) "D:\Spiele\TQIT\Tqit.exe" = D:\Spiele\TQIT\Tqit.exe:*:Enabled:Tqit -- () "D:\Spiele\HdRDSuM2\game.dat" = D:\Spiele\HdRDSuM2\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "F:\Spiele\SMC4\Civilization4.exe" = F:\Spiele\SMC4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment) "E:\S4League\patcher_s4.exe" = E:\S4League\patcher_s4.exe:*:Enabled:S4League -- File not found "E:\S4League\HShield\HSUpdate.exe" = E:\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- File not found "E:\S4League\HShield\hslogmgr.exe" = E:\S4League\HShield\hslogmgr.exe:*:Enabled:hslogmgr -- File not found "E:\S4League\HShield\ahnrpt.exe" = E:\S4League\HShield\ahnrpt.exe:*:Enabled:ahnrpt -- File not found "E:\S4League\S4Client.exe" = E:\S4League\S4Client.exe:*:Enabled:S4Client -- File not found "E:\League of Legends\Air\LolClient.exe" = E:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found "E:\League of Legends\Game\League of Legends.exe" = E:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found "C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- File not found "C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "C:\Programme\BitLord\BitLord.exe" = C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate Torrent Downloader) "E:\Age of Empires 2\age2_x1.exe" = E:\Age of Empires 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "E:\BattleForge\Bootstrapper.exe" = E:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic) "E:\BattleForge\BattleForge.exe" = E:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater "{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War "{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Two Worlds "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{E2BE1618-AF5F-4F7D-8484-42E080EDF609}" = AGEIA PhysX v7.01.12 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB15BACA-8F2E-421C-A214-F9065EA15A92}" = LAN Utility "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BitLord" = BitLord 1.1 "Browser MOUSE" = Browser MOUSE "DivX Setup.divx.com" = DivX-Setup "DuckLife_is1" = DuckLife "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026 "GMX Firefox Browser Update" = GMX Firefox Browser Update "Google Updater" = Google Updater "Ideal DVD to iPod Converter_is1" = Ideal DVD to iPod Converter V2.5.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00 "LimeWire" = LimeWire 5.5.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "miroMEDIA_PCTV_Tools" = Studio PCTV "miroVIDEO PCTV" = Studio PCTV "MoreTV" = MoreTV 3.53 "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Muiltmedia keyboard Utility 1.3" = Muiltmedia keyboard Utility 1.3 "Mumble" = Mumble and Murmur "NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers "PhotoScape" = PhotoScape "softonic-de3 Toolbar" = softonic-de3 Toolbar "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Update Service" = Update Service "VLC media player" = VLC media player 1.0.3 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.08.2010 12:13:17 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason is: A connection with the server could not be established . Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: Loading of the WSDL file failed. Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason is: A connection with the server could not be established . Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: Loading of the WSDL file failed. Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 16:44:59 | Computer Name = LUKASL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung wlmail.exe, Version 14.0.8089.726, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.08.2010 06:04:12 | Computer Name = LUKASL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3814, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 24.08.2010 12:18:49 | Computer Name = LUKASL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. [ System Events ] Error - 15.08.2010 06:54:31 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.08.2010 02:19:58 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.08.2010 11:19:02 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 24.08.2010 01:39:01 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 25.08.2010 06:36:14 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 25.08.2010 10:01:45 | Computer Name = LUKASL | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.0.0.49 für die Netzwerkkarte mit der Netzwerkadresse 0018E74C9D88 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 25.08.2010 15:21:37 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.08.2010 05:11:12 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.08.2010 10:20:06 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.08.2010 15:15:42 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
|
28.08.2010, 22:55
| #5 |
| | Malware, Trojaner? Hi, und hoffentlich das Ergebniss der Files die Du nacheinander hochgeladen hast... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\DOKUME~1\XXXL~1\LOKALE~1\Temp\Bvc.exe
C:\WINDOWS\Bxebya.exe
Danach MAM im Fullscanmodus nach update der Signaturen... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
28.08.2010, 22:56
| #6 |
| | Malware, Trojaner? Hier mal das von Olt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.08.2010 23:42:58 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 1,64 Gb Free Space | 8,39% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project) PRC - C:\WINDOWS\Bxebya.exe (OpenSC Project) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\system32\UAService.exe () PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Browser MOUSE\mouse32a.exe () PRC - C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) PRC - C:\Programme\MSI\LAN Utility\DiagAP8169.exe () PRC - C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\server.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\VBI_Server2.exe (PRIVAT) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\quartz.dll (Microsoft Corporation) MOD - C:\Programme\Browser MOUSE\mouDL32A.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe () SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdminSVCff) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found DRV - (XDva306) -- C:\WINDOWS\System32\XDva306.sys File not found DRV - (HWIONT) -- C:\Programme\MoreTV.353\HWIONT.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (SSHDRV82) -- C:\WINDOWS\system32\drivers\SSHDRV82.sys () DRV - (sony_ssm.sys) -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\sony_ssm.sys (Sony DADC Austria AG.) DRV - (litsgt) -- C:\WINDOWS\system32\drivers\litsgt.sys () DRV - (tansgt) -- C:\WINDOWS\system32\drivers\tansgt.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows (R) 2000 DDK provider) DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation) DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (cportclm) -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\cportclm.sys () DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (pctvNT) -- C:\WINDOWS\system32\drivers\pctvw2k.sys (Pinnacle Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Plus! IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3 FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.5 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox 3.6 Beta 4\components [2010.08.27 20:54:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.6 Beta 4\plugins [2010.08.27 20:54:07 | 000,000,000 | ---D | M] [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.08.28 22:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions [2010.04.27 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.20 14:30:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.04.27 20:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\beamgeraet@web.de [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\youtube2mp3@mondayx.de [2010.01.24 20:25:10 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\searchplugins\ask.uk.xml [2009.12.15 17:34:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.10.02 21:24:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe () O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lukas L\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKCU\..Trusted Domains: localhost ([]* in Lokales Intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 16:42:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.14 08:49:42 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell - "" = AutoRun O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.28 23:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.28 23:43:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.28 23:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.28 23:42:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:41:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.15 00:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Carambis [2010.08.14 23:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\BattleForge [2010.08.14 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.14 23:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.08.14 23:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.08 21:09:01 | 000,000,000 | ---D | C] -- C:\Programme\DuckLife_at [2010.08.01 11:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.01 11:35:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.01 11:34:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 11:34:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.30 20:29:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.28 23:48:17 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.28 23:43:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:42:43 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:40:02 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 23:34:43 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.28 23:09:19 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\NTUSER.DAT [2010.08.28 23:00:37 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.28 23:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job [2010.08.28 21:16:39 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.28 21:15:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.28 21:15:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.28 21:15:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.27 23:15:42 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lukas L\ntuser.ini [2010.08.26 13:16:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.08.25 15:26:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.24 17:30:12 | 000,203,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:28:10 | 070,017,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | M] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:04:46 | 049,877,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.12 22:59:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 00:18:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 00:16:21 | 001,032,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 00:16:21 | 000,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 00:16:21 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 00:16:21 | 000,085,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 00:16:21 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.10 00:05:00 | 004,286,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.08 21:19:18 | 000,001,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.07.31 11:06:35 | 000,010,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Neu Microsoft Office Word-Dokument.docx [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.28 23:43:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:34:43 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:00:51 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 23:00:39 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.24 17:30:07 | 000,203,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:14:13 | 070,017,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:01:58 | 049,877,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.08 21:19:18 | 000,001,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.05.20 17:44:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\$_hpcst$.hpc [2010.04.02 15:51:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\PCTV.ini [2010.04.02 15:51:53 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2010.04.02 15:51:53 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2010.04.02 15:51:53 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2010.04.02 15:51:53 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2010.04.02 15:51:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2010.04.02 15:51:50 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI [2010.04.02 15:51:44 | 000,029,408 | ---- | C] () -- C:\WINDOWS\System32\Mcipctv.dll [2010.04.02 14:40:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.04.02 14:40:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2010.03.09 18:27:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.22 08:44:46 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys [2009.10.22 08:44:09 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.09.26 12:42:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2009.09.26 11:23:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.09.26 11:23:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.09.26 11:23:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.09.17 16:09:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\game.ini [2009.09.13 13:10:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.08.24 11:05:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.08.14 09:02:47 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys [2009.08.14 09:02:47 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys [2009.08.13 19:54:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2007.01.12 17:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2001.08.23 14:00:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini und OTL Extras logfile created on: 28.08.2010 23:42:58 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 1,64 Gb Free Space | 8,39% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "57764:TCP" = 57764:TCP:*:Enabled:Pando Media Booster "57764:UDP" = 57764:UDP:*:Enabled:Pando Media Booster "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher "56897:TCP" = 56897:TCP:*:Enabled:Pando Media Booster "56897:UDP" = 56897:UDP:*:Enabled:Pando Media Booster "1890:TCP" = 1890:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\Spiele\DoW\W40k.exe" = D:\Spiele\DoW\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.) "D:\Spiele\TQIT\Tqit.exe" = D:\Spiele\TQIT\Tqit.exe:*:Enabled:Tqit -- () "D:\Spiele\HdRDSuM2\game.dat" = D:\Spiele\HdRDSuM2\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "F:\Spiele\SMC4\Civilization4.exe" = F:\Spiele\SMC4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment) "E:\S4League\patcher_s4.exe" = E:\S4League\patcher_s4.exe:*:Enabled:S4League -- File not found "E:\S4League\HShield\HSUpdate.exe" = E:\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- File not found "E:\S4League\HShield\hslogmgr.exe" = E:\S4League\HShield\hslogmgr.exe:*:Enabled:hslogmgr -- File not found "E:\S4League\HShield\ahnrpt.exe" = E:\S4League\HShield\ahnrpt.exe:*:Enabled:ahnrpt -- File not found "E:\S4League\S4Client.exe" = E:\S4League\S4Client.exe:*:Enabled:S4Client -- File not found "E:\League of Legends\Air\LolClient.exe" = E:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found "E:\League of Legends\Game\League of Legends.exe" = E:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found "C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- File not found "C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "C:\Programme\BitLord\BitLord.exe" = C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate Torrent Downloader) "E:\Age of Empires 2\age2_x1.exe" = E:\Age of Empires 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "E:\BattleForge\Bootstrapper.exe" = E:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic) "E:\BattleForge\BattleForge.exe" = E:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater "{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War "{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Two Worlds "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{E2BE1618-AF5F-4F7D-8484-42E080EDF609}" = AGEIA PhysX v7.01.12 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB15BACA-8F2E-421C-A214-F9065EA15A92}" = LAN Utility "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BitLord" = BitLord 1.1 "Browser MOUSE" = Browser MOUSE "DivX Setup.divx.com" = DivX-Setup "DuckLife_is1" = DuckLife "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026 "GMX Firefox Browser Update" = GMX Firefox Browser Update "Google Updater" = Google Updater "Ideal DVD to iPod Converter_is1" = Ideal DVD to iPod Converter V2.5.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00 "LimeWire" = LimeWire 5.5.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "miroMEDIA_PCTV_Tools" = Studio PCTV "miroVIDEO PCTV" = Studio PCTV "MoreTV" = MoreTV 3.53 "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Muiltmedia keyboard Utility 1.3" = Muiltmedia keyboard Utility 1.3 "Mumble" = Mumble and Murmur "NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers "PhotoScape" = PhotoScape "softonic-de3 Toolbar" = softonic-de3 Toolbar "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Update Service" = Update Service "VLC media player" = VLC media player 1.0.3 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.08.2010 12:13:17 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason is: A connection with the server could not be established . Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: Loading of the WSDL file failed. Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason is: A connection with the server could not be established . Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: Loading of the WSDL file failed. Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16 Description = Soap error: One of the parameters supplied is invalid.. Error - 23.08.2010 16:44:59 | Computer Name = LUKASL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung wlmail.exe, Version 14.0.8089.726, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.08.2010 06:04:12 | Computer Name = LUKASL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3814, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 24.08.2010 12:18:49 | Computer Name = LUKASL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. [ System Events ] Error - 15.08.2010 06:54:31 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.08.2010 02:19:58 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.08.2010 11:19:02 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 24.08.2010 01:39:01 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 25.08.2010 06:36:14 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 25.08.2010 10:01:45 | Computer Name = LUKASL | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.0.0.49 für die Netzwerkkarte mit der Netzwerkadresse 0018E74C9D88 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 25.08.2010 15:21:37 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.08.2010 05:11:12 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.08.2010 10:20:06 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.08.2010 15:15:42 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
|
28.08.2010, 22:57
| #7 |
| | Malware, Trojaner? Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4495 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 28.08.2010 23:56:08 mbam-log-2010-08-28 (23-56-08).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 143422 Laufzeit: 10 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
|
28.08.2010, 23:00
| #8 |
| | Malware, Trojaner? also bei Virustotal hab ich beide hochgeladen aber was ich nicht ganz verstehe ist was ich posten muss :> |
|
28.08.2010, 23:08
| #9 |
| | Malware, Trojaner? File name: Bvc.exe Submission date: 2010-08-28 21:48:29 (UTC) Current status: queued queued analysing finished Result: 9/ 41 (22.0%) Antivirus Version Last Update Result AhnLab-V3 2010.08.29.00 2010.08.28 - AntiVir 8.2.4.46 2010.08.28 - Antiy-AVL 2.0.3.7 2010.08.26 - Authentium 5.2.0.5 2010.08.28 W32/Renos.A!Generic Avast 4.8.1351.0 2010.08.28 - Avast5 5.0.594.0 2010.08.28 - AVG 9.0.0.851 2010.08.28 - BitDefender 7.2 2010.08.28 Gen:Variant.Renos.41 CAT-QuickHeal 11.00 2010.08.28 - ClamAV 0.96.2.0-git 2010.08.28 - Comodo 5890 2010.08.28 - DrWeb 5.0.2.03300 2010.08.28 - Emsisoft 5.0.0.37 2010.08.28 - eSafe 7.0.17.0 2010.08.26 - eTrust-Vet 36.1.7823 2010.08.27 Win32/Renos.D!generic F-Prot 4.6.1.107 2010.08.28 W32/Renos.A!Generic F-Secure 9.0.15370.0 2010.08.28 - Fortinet 4.1.143.0 2010.08.28 - GData 21 2010.08.28 Gen:Variant.Renos.41 Ikarus T3.1.1.88.0 2010.08.28 - Jiangmin 13.0.900 2010.08.28 - Kaspersky 7.0.0.125 2010.08.28 - McAfee 5.400.0.1158 2010.08.28 - Microsoft 1.6103 2010.08.28 - NOD32 5405 2010.08.28 - Norman 6.05.11 2010.08.28 - nProtect 2010-08-28.01 2010.08.28 - Panda 10.0.2.7 2010.08.28 Suspicious file PCTools 7.0.3.5 2010.08.28 - Prevx 3.0 2010.08.28 High Risk Cloaked Malware Rising 22.62.05.03 2010.08.28 - Sophos 4.56.0 2010.08.28 Mal/FakeAV-CX Sunbelt 6807 2010.08.28 VirTool.Win32.Obfuscator.hg!b (v) SUPERAntiSpyware 4.40.0.1006 2010.08.28 - Symantec 20101.1.1.7 2010.08.28 - TheHacker 6.5.2.1.357 2010.08.28 - TrendMicro 9.120.0.1004 2010.08.28 - TrendMicro-HouseCall 9.120.0.1004 2010.08.28 - VBA32 3.12.14.0 2010.08.27 - ViRobot 2010.8.28.4013 2010.08.28 - VirusBuster 5.0.27.0 2010.08.28 - Additional information Show all MD5 : 3728beee24c06274e8a1870844c66c13 SHA1 : ffb40eb3347178f7118ee99905d2c26eee5366ad SHA256: 05ca6c1a1f3ab5eb030431b23e74cff0c0df44a0242703804f700fc1569ae48c und File name: Bxebya.exe Submission date: 2010-08-28 21:49:04 (UTC) Current status: finished Result: 10 /42 (23.8%) Antivirus Version Last Update Result AhnLab-V3 2010.08.29.00 2010.08.28 - AntiVir 8.2.4.46 2010.08.28 - Antiy-AVL 2.0.3.7 2010.08.26 - Authentium 5.2.0.5 2010.08.28 W32/Renos.A!Generic Avast 4.8.1351.0 2010.08.28 - Avast5 5.0.594.0 2010.08.28 - AVG 9.0.0.851 2010.08.28 - BitDefender 7.2 2010.08.28 Gen:Variant.Renos.41 CAT-QuickHeal 11.00 2010.08.28 - ClamAV 0.96.2.0-git 2010.08.28 - Comodo 5890 2010.08.28 - DrWeb 5.0.2.03300 2010.08.28 Trojan.Packed.160 Emsisoft 5.0.0.37 2010.08.28 - eSafe 7.0.17.0 2010.08.26 - eTrust-Vet 36.1.7823 2010.08.27 Win32/Renos.D!generic F-Prot 4.6.1.107 2010.08.28 W32/Renos.A!Generic F-Secure 9.0.15370.0 2010.08.28 - Fortinet 4.1.143.0 2010.08.28 - GData 21 2010.08.28 Gen:Variant.Renos.41 Ikarus T3.1.1.88.0 2010.08.28 - Jiangmin 13.0.900 2010.08.28 - Kaspersky 7.0.0.125 2010.08.28 - McAfee 5.400.0.1158 2010.08.28 - McAfee-GW-Edition 2010.1B 2010.08.28 Heuristic.BehavesLike.Win32.Obfuscated.H Microsoft 1.6103 2010.08.28 - NOD32 5405 2010.08.28 - Norman 6.05.11 2010.08.28 - nProtect 2010-08-28.01 2010.08.28 - Panda 10.0.2.7 2010.08.28 Suspicious file PCTools 7.0.3.5 2010.08.28 - Prevx 3.0 2010.08.28 - Rising 22.62.05.03 2010.08.28 - Sophos 4.56.0 2010.08.28 Mal/FakeAV-CX Sunbelt 6807 2010.08.28 VirTool.Win32.Obfuscator.hg!b (v) SUPERAntiSpyware 4.40.0.1006 2010.08.28 - Symantec 20101.1.1.7 2010.08.28 - TheHacker 6.5.2.1.357 2010.08.28 - TrendMicro 9.120.0.1004 2010.08.28 - TrendMicro-HouseCall 9.120.0.1004 2010.08.28 - VBA32 3.12.14.0 2010.08.27 - ViRobot 2010.8.28.4013 2010.08.28 - VirusBuster 5.0.27.0 2010.08.28 - Additional information Show all MD5 : f01397c3d9de3c4035c7cc07b5c0d4bb SHA1 : 5b082e506ae1df4da7cb88620e97c6459ea3984c SHA256: 98663e86d3aed9ac5e3d1915538c09f7be7ccab8831766088d0fb0a6d2181639 mehr steht dort nicht... |
|
28.08.2010, 23:12
| #10 |
| | Malware, Trojaner? Hi, Fix für OTL:
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found
O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found
O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project)
[2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe
[2010.08.28 23:48:17 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.28 23:40:02 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.28 23:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job
:Commands
[emptytemp]
[Reboot]
chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) Geändert von Chris4You (29.08.2010 um 00:08 Uhr) |
|
28.08.2010, 23:27
| #11 |
| | Malware, Trojaner? Also ich hab das jetzt durchgeführt allerdings musste ich den pc 5-mal neu starten bis ich auf meinem Bildschirm was anderes sehe als blau (weiß nicht ob das normal ist) und All processes killed Error: Unable to interpret <O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project)> in the current context! Error: Unable to interpret <[2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe> in the current context! Error: Unable to interpret <[2010.08.28 23:48:17 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job> in the current context! Error: Unable to interpret <[2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2010.08.28 23:40:02 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job> in the current context! Error: Unable to interpret <[2010.08.28 23:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job> in the current context! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 49554 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Lukas L ->Temp folder emptied: 1206265447 bytes ->Temporary Internet Files folder emptied: 84497205 bytes ->Java cache emptied: 76197012 bytes ->FireFox cache emptied: 88739854 bytes ->Flash cache emptied: 90664 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 593589 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 3690375 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41515152 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.433,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 08292010_001407 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
28.08.2010, 23:29
| #12 |
| | Malware, Trojaner? ich hab das jetzt gemacht (und musste den Pc 5-mal neustarten bis ich wieder was anderes als blau gesehen habe...) und der bericht All processes killed Error: Unable to interpret <O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Temp\Bvc.exe (OpenSC Project)> in the current context! Error: Unable to interpret <[2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe> in the current context! Error: Unable to interpret <[2010.08.28 23:48:17 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job> in the current context! Error: Unable to interpret <[2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2010.08.28 23:40:02 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job> in the current context! Error: Unable to interpret <[2010.08.28 23:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job> in the current context! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 49554 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Lukas L ->Temp folder emptied: 1206265447 bytes ->Temporary Internet Files folder emptied: 84497205 bytes ->Java cache emptied: 76197012 bytes ->FireFox cache emptied: 88739854 bytes ->Flash cache emptied: 90664 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 593589 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 3690375 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 41515152 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.433,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 08292010_001407 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
28.08.2010, 23:40
| #13 |
| | Malware, Trojaner? Hi, nein ist nicht normal.... Hast du das :OTL mitkopiert? was macht der rechner? bitte ein neues otl-log... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) Geändert von Chris4You (28.08.2010 um 23:53 Uhr) |
|
28.08.2010, 23:45
| #14 |
| | Malware, Trojaner? Erstens sorry fürs 2-mal posten, hab noch nicht herausgefunden wie mans löscht und :OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.08.2010 00:41:53 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 2,53 Gb Free Space | 12,96% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\system32\UAService.exe () PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Browser MOUSE\mouse32a.exe () PRC - C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) PRC - C:\Programme\MSI\LAN Utility\DiagAP8169.exe () PRC - C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\server.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\VBI_Server2.exe (PRIVAT) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\quartz.dll (Microsoft Corporation) MOD - C:\Programme\Browser MOUSE\mouDL32A.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe () SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdminSVCff) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found DRV - (XDva306) -- C:\WINDOWS\System32\XDva306.sys File not found DRV - (sony_ssm.sys) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\sony_ssm.sys File not found DRV - (HWIONT) -- C:\Programme\MoreTV.353\HWIONT.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (cportclm) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\cportclm.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (SSHDRV82) -- C:\WINDOWS\system32\drivers\SSHDRV82.sys () DRV - (litsgt) -- C:\WINDOWS\system32\drivers\litsgt.sys () DRV - (tansgt) -- C:\WINDOWS\system32\drivers\tansgt.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows (R) 2000 DDK provider) DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation) DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (pctvNT) -- C:\WINDOWS\system32\drivers\pctvw2k.sys (Pinnacle Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Plus! IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3 FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.5 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox 3.6 Beta 4\components [2010.08.27 20:54:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.6 Beta 4\plugins [2010.08.27 20:54:07 | 000,000,000 | ---D | M] [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.08.28 22:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions [2010.04.27 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.20 14:30:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.04.27 20:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\beamgeraet@web.de [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\youtube2mp3@mondayx.de [2010.01.24 20:25:10 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\searchplugins\ask.uk.xml [2009.12.15 17:34:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.10.02 21:24:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe () O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lukas L\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKCU\..Trusted Domains: localhost ([]* in Lokales Intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 16:42:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.14 08:49:42 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell - "" = AutoRun O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 00:14:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.28 23:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.28 23:43:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.28 23:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.28 23:42:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:41:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.15 00:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Carambis [2010.08.14 23:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\BattleForge [2010.08.14 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.14 23:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.08.14 23:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.08 21:09:01 | 000,000,000 | ---D | C] -- C:\Programme\DuckLife_at [2010.08.01 11:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.01 11:35:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.01 11:34:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 11:34:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.30 20:29:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe ========== Files - Modified Within 30 Days ========== [2010.08.29 00:23:59 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.29 00:23:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.29 00:23:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.29 00:22:33 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\NTUSER.DAT [2010.08.29 00:15:13 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lukas L\ntuser.ini [2010.08.29 00:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.29 00:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job [2010.08.28 23:43:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:42:43 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:00:37 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.28 21:15:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.26 13:16:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.08.25 15:26:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.24 17:30:12 | 000,203,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:28:10 | 070,017,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | M] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:04:46 | 049,877,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.12 22:59:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 00:18:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 00:16:21 | 001,032,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 00:16:21 | 000,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 00:16:21 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 00:16:21 | 000,085,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 00:16:21 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.10 00:05:00 | 004,286,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.08 21:19:18 | 000,001,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.07.31 11:06:35 | 000,010,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Neu Microsoft Office Word-Dokument.docx ========== Files Created - No Company Name ========== [2010.08.28 23:43:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:34:43 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.24 17:30:07 | 000,203,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:14:13 | 070,017,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:01:58 | 049,877,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.08 21:19:18 | 000,001,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.05.20 17:44:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\$_hpcst$.hpc [2010.04.02 15:51:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\PCTV.ini [2010.04.02 15:51:53 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2010.04.02 15:51:53 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2010.04.02 15:51:53 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2010.04.02 15:51:53 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2010.04.02 15:51:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2010.04.02 15:51:50 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI [2010.04.02 15:51:44 | 000,029,408 | ---- | C] () -- C:\WINDOWS\System32\Mcipctv.dll [2010.04.02 14:40:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.04.02 14:40:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2010.03.09 18:27:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.22 08:44:46 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys [2009.10.22 08:44:09 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.09.26 12:42:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2009.09.26 11:23:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.09.26 11:23:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.09.26 11:23:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.09.17 16:09:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\game.ini [2009.09.13 13:10:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.08.24 11:05:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.08.14 09:02:47 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys [2009.08.14 09:02:47 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys [2009.08.13 19:54:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2007.01.12 17:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2001.08.23 14:00:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 00:41:53 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 2,53 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS
Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LUKASL
Current User Name: Lukas L
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57764:TCP" = 57764:TCP:*:Enabled:Pando Media Booster
"57764:UDP" = 57764:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"56897:TCP" = 56897:TCP:*:Enabled:Pando Media Booster
"56897:UDP" = 56897:UDP:*:Enabled:Pando Media Booster
"1890:TCP" = 1890:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Spiele\DoW\W40k.exe" = D:\Spiele\DoW\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.)
"D:\Spiele\TQIT\Tqit.exe" = D:\Spiele\TQIT\Tqit.exe:*:Enabled:Tqit -- ()
"D:\Spiele\HdRDSuM2\game.dat" = D:\Spiele\HdRDSuM2\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\Spiele\SMC4\Civilization4.exe" = F:\Spiele\SMC4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"E:\S4League\patcher_s4.exe" = E:\S4League\patcher_s4.exe:*:Enabled:S4League -- File not found
"E:\S4League\HShield\HSUpdate.exe" = E:\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- File not found
"E:\S4League\HShield\hslogmgr.exe" = E:\S4League\HShield\hslogmgr.exe:*:Enabled:hslogmgr -- File not found
"E:\S4League\HShield\ahnrpt.exe" = E:\S4League\HShield\ahnrpt.exe:*:Enabled:ahnrpt -- File not found
"E:\S4League\S4Client.exe" = E:\S4League\S4Client.exe:*:Enabled:S4Client -- File not found
"E:\League of Legends\Air\LolClient.exe" = E:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"E:\League of Legends\Game\League of Legends.exe" = E:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- File not found
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\BitLord\BitLord.exe" = C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate Torrent Downloader)
"E:\Age of Empires 2\age2_x1.exe" = E:\Age of Empires 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\BattleForge\Bootstrapper.exe" = E:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"E:\BattleForge\BattleForge.exe" = E:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Two Worlds
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{E2BE1618-AF5F-4F7D-8484-42E080EDF609}" = AGEIA PhysX v7.01.12
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15BACA-8F2E-421C-A214-F9065EA15A92}" = LAN Utility
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitLord" = BitLord 1.1
"Browser MOUSE" = Browser MOUSE
"DivX Setup.divx.com" = DivX-Setup
"DuckLife_is1" = DuckLife
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026
"GMX Firefox Browser Update" = GMX Firefox Browser Update
"Google Updater" = Google Updater
"Ideal DVD to iPod Converter_is1" = Ideal DVD to iPod Converter V2.5.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"miroMEDIA_PCTV_Tools" = Studio PCTV
"miroVIDEO PCTV" = Studio PCTV
"MoreTV" = MoreTV 3.53
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muiltmedia keyboard Utility 1.3" = Muiltmedia keyboard Utility 1.3
"Mumble" = Mumble and Murmur
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"PhotoScape" = PhotoScape
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2010 12:13:17 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: A connection with the server could not be established .
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: A connection with the server could not be established .
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 16:44:59 | Computer Name = LUKASL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wlmail.exe, Version 14.0.8089.726, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.08.2010 06:04:12 | Computer Name = LUKASL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3814,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
Error - 24.08.2010 12:18:49 | Computer Name = LUKASL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3.
[ System Events ]
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "GMX Firefox Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "SecuROM User Access Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "SecuROM User Access Service (V7)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 28.08.2010 18:16:32 | Computer Name = LUKASL | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 28.08.2010 18:16:43 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:16:50 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
nv_agp PCIIde ViaIde
Error - 28.08.2010 18:18:23 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:20:33 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:24:01 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
< End of report >
|
|
28.08.2010, 23:46
| #15 |
| | Malware, Trojaner? Erstens sorry fürs 2-mal posten, hab noch nicht herausgefunden wie mans löscht und :OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.08.2010 00:41:53 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 2,53 Gb Free Space | 12,96% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUKASL Current User Name: Lukas L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\system32\UAService.exe () PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Browser MOUSE\mouse32a.exe () PRC - C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) PRC - C:\Programme\MSI\LAN Utility\DiagAP8169.exe () PRC - C:\Programme\Pinnacle\Studio PCTV\bin\Vision.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\server.exe (Pinnacle Systems) PRC - C:\Programme\Pinnacle\Shared Files\Filter\VBI_Server2.exe (PRIVAT) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\quartz.dll (Microsoft Corporation) MOD - C:\Programme\Browser MOUSE\mouDL32A.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe () SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdminSVCff) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe (hablamax) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found DRV - (XDva306) -- C:\WINDOWS\System32\XDva306.sys File not found DRV - (sony_ssm.sys) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\sony_ssm.sys File not found DRV - (HWIONT) -- C:\Programme\MoreTV.353\HWIONT.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (cportclm) -- C:\DOKUME~1\LUKASL~1\LOKALE~1\Temp\cportclm.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (SSHDRV82) -- C:\WINDOWS\system32\drivers\SSHDRV82.sys () DRV - (litsgt) -- C:\WINDOWS\system32\drivers\litsgt.sys () DRV - (tansgt) -- C:\WINDOWS\system32\drivers\tansgt.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows (R) 2000 DDK provider) DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation) DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (pctvNT) -- C:\WINDOWS\system32\drivers\pctvw2k.sys (Pinnacle Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Plus! IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3 FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.5 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 23:07:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox 3.6 Beta 4\components [2010.08.27 20:54:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.6 Beta 4\plugins [2010.08.27 20:54:07 | 000,000,000 | ---D | M] [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions [2009.10.07 19:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.08.28 22:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions [2010.04.27 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.20 14:30:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.04.27 20:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\beamgeraet@web.de [2010.04.27 20:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\extensions\youtube2mp3@mondayx.de [2010.01.24 20:25:10 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Mozilla\Firefox\Profiles\q79mzi9o.default\searchplugins\ask.uk.xml [2009.12.15 17:34:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.10.02 21:24:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE () O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe () O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WARN POP TRUST LIES] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Camp Mess Warn Pop\README WAIT.exe File not found O4 - HKCU..\Run: [Bike Store] C:\DOKUME~1\LUKASL~1\ANWEND~1\HECKOO~1\BluePeak.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Lukas L\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKCU\..Trusted Domains: localhost ([]* in Lokales Intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 16:42:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.14 08:49:42 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell - "" = AutoRun O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{660ef0f4-881f-11de-9070-0018e74c9d88}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 00:14:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.28 23:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.28 23:43:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.28 23:43:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.28 23:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.28 23:42:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:41:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.28 23:00:45 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.15 00:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Carambis [2010.08.14 23:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\BattleForge [2010.08.14 23:06:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.14 23:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.08.14 23:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.08 21:09:01 | 000,000,000 | ---D | C] -- C:\Programme\DuckLife_at [2010.08.01 11:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.01 11:35:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.01 11:34:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 11:34:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 11:34:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.30 20:29:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe ========== Files - Modified Within 30 Days ========== [2010.08.29 00:23:59 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.29 00:23:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.29 00:23:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.29 00:22:33 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\NTUSER.DAT [2010.08.29 00:15:13 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lukas L\ntuser.ini [2010.08.29 00:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.29 00:00:00 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\AF1787DF91B43833.job [2010.08.28 23:43:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:42:43 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\mbam-setup.exe [2010.08.28 23:42:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lukas L\Desktop\OTL.exe [2010.08.28 23:34:43 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.28 23:00:37 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Bxebya.exe [2010.08.28 21:15:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.26 13:16:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.08.25 15:26:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.24 17:30:12 | 000,203,867 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:28:10 | 070,017,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | M] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:04:46 | 049,877,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.12 22:59:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 00:18:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 00:16:21 | 001,032,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 00:16:21 | 000,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 00:16:21 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 00:16:21 | 000,085,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 00:16:21 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.10 00:05:00 | 004,286,722 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.08 21:19:18 | 000,001,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.07.31 11:06:35 | 000,010,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Neu Microsoft Office Word-Dokument.docx ========== Files Created - No Company Name ========== [2010.08.28 23:43:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 23:34:43 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.lnk [2010.08.28 23:34:21 | 001,402,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\HiJackThis.msi [2010.08.24 17:30:07 | 000,203,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Eigene Dateien\ts3_clientui-win32-11315-2010-08-24 17_30_07.515625.dmp [2010.08.23 19:14:13 | 070,017,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\sd_icc_lichking_10n.flv [2010.08.15 00:06:48 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2010.08.15 00:01:58 | 049,877,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\6-12_xp_dd_ccc_wdm_enu_38463.zip [2010.08.14 23:07:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.14 23:01:49 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BattleForge™.lnk [2010.08.14 22:13:49 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\Verknüpfung mit Papierkorb.lnk [2010.08.08 21:19:18 | 000,001,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Desktop\DuckLife.lnk [2010.05.20 17:44:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Anwendungsdaten\$_hpcst$.hpc [2010.04.02 15:51:56 | 000,000,510 | ---- | C] () -- C:\WINDOWS\PCTV.ini [2010.04.02 15:51:53 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2010.04.02 15:51:53 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2010.04.02 15:51:53 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2010.04.02 15:51:53 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2010.04.02 15:51:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2010.04.02 15:51:50 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI [2010.04.02 15:51:44 | 000,029,408 | ---- | C] () -- C:\WINDOWS\System32\Mcipctv.dll [2010.04.02 14:40:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.04.02 14:40:06 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2010.03.09 18:27:46 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.22 08:44:46 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys [2009.10.22 08:44:09 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Lukas L\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.09.26 12:42:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2009.09.26 11:23:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.09.26 11:23:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.09.26 11:23:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.09.17 16:09:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\game.ini [2009.09.13 13:10:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.08.24 11:05:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.08.14 09:02:47 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys [2009.08.14 09:02:47 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys [2009.08.13 19:54:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2007.01.12 17:48:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007.01.05 23:23:06 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007.01.05 23:23:04 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007.01.05 23:23:02 | 000,058,920 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2001.08.23 14:00:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 00:41:53 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Lukas L\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 578,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 2,53 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 14,36 Gb Free Space | 49,01% Space Free | Partition Type: NTFS
Drive E: | 54,99 Gb Total Space | 22,03 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
Drive F: | 47,39 Gb Total Space | 45,77 Gb Free Space | 96,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LUKASL
Current User Name: Lukas L
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57764:TCP" = 57764:TCP:*:Enabled:Pando Media Booster
"57764:UDP" = 57764:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"56897:TCP" = 56897:TCP:*:Enabled:Pando Media Booster
"56897:UDP" = 56897:UDP:*:Enabled:Pando Media Booster
"1890:TCP" = 1890:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Spiele\DoW\W40k.exe" = D:\Spiele\DoW\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.)
"D:\Spiele\TQIT\Tqit.exe" = D:\Spiele\TQIT\Tqit.exe:*:Enabled:Tqit -- ()
"D:\Spiele\HdRDSuM2\game.dat" = D:\Spiele\HdRDSuM2\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\Spiele\SMC4\Civilization4.exe" = F:\Spiele\SMC4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"E:\S4League\patcher_s4.exe" = E:\S4League\patcher_s4.exe:*:Enabled:S4League -- File not found
"E:\S4League\HShield\HSUpdate.exe" = E:\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- File not found
"E:\S4League\HShield\hslogmgr.exe" = E:\S4League\HShield\hslogmgr.exe:*:Enabled:hslogmgr -- File not found
"E:\S4League\HShield\ahnrpt.exe" = E:\S4League\HShield\ahnrpt.exe:*:Enabled:ahnrpt -- File not found
"E:\S4League\S4Client.exe" = E:\S4League\S4Client.exe:*:Enabled:S4Client -- File not found
"E:\League of Legends\Air\LolClient.exe" = E:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"E:\League of Legends\Game\League of Legends.exe" = E:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Lukas L\Desktop\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- File not found
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\BitLord\BitLord.exe" = C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - The Ultimate Torrent Downloader)
"E:\Age of Empires 2\age2_x1.exe" = E:\Age of Empires 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\BattleForge\Bootstrapper.exe" = E:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"E:\BattleForge\BattleForge.exe" = E:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Two Worlds
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{E2BE1618-AF5F-4F7D-8484-42E080EDF609}" = AGEIA PhysX v7.01.12
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15BACA-8F2E-421C-A214-F9065EA15A92}" = LAN Utility
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitLord" = BitLord 1.1
"Browser MOUSE" = Browser MOUSE
"DivX Setup.divx.com" = DivX-Setup
"DuckLife_is1" = DuckLife
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026
"GMX Firefox Browser Update" = GMX Firefox Browser Update
"Google Updater" = Google Updater
"Ideal DVD to iPod Converter_is1" = Ideal DVD to iPod Converter V2.5.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless Adapter HW.15 V.1.00
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"miroMEDIA_PCTV_Tools" = Studio PCTV
"miroVIDEO PCTV" = Studio PCTV
"MoreTV" = MoreTV 3.53
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muiltmedia keyboard Utility 1.3" = Muiltmedia keyboard Utility 1.3
"Mumble" = Mumble and Murmur
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"PhotoScape" = PhotoScape
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2010 12:13:17 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: A connection with the server could not be established .
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
Error - 23.08.2010 12:13:39 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: A connection with the server could not be established .
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
Error - 23.08.2010 12:14:00 | Computer Name = LUKASL | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 23.08.2010 16:44:59 | Computer Name = LUKASL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wlmail.exe, Version 14.0.8089.726, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.08.2010 06:04:12 | Computer Name = LUKASL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3814,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
Error - 24.08.2010 12:18:49 | Computer Name = LUKASL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3.
[ System Events ]
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "GMX Firefox Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "SecuROM User Access Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 28.08.2010 18:14:08 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7034
Description = Dienst "SecuROM User Access Service (V7)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 28.08.2010 18:16:32 | Computer Name = LUKASL | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 28.08.2010 18:16:43 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:16:50 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
nv_agp PCIIde ViaIde
Error - 28.08.2010 18:18:23 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:20:33 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 28.08.2010 18:24:01 | Computer Name = LUKASL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
< End of report >
|
|
| Themen zu Malware, Trojaner? |
| adobe, antivir, antivir guard, avira, bho, browser, desktop, einstellungen, firefox, frage, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, limewire, malware, mozilla, pando media booster, plug-in, senden, software, studio, system, trojaner, trojaner?, windows, windows xp, wireless lan |
Linear-Darstellung
