|
Plagegeister aller Art und deren Bekämpfung: Norman Ad-Aware SE Profesional kann Trojaner nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.10.2010, 17:23 | #1 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen Hi Leute. Ich habe folgendes Problem. Ich wollte gestern das Programm Steam Updaten (falls ihr das programm nicht kennt das ist ein Programm wo spiele drüber laufen wie zum Beispiel Call of Duty Modern Warfare 2 usw.). Bei 99% hat mir Norman Ad-Aware gesagt: Norman Virus Control hat ein Trojanisches Pferd entdeckt, konnte es jedoch nicht entfernen. Datei: C:\Programme\Steam\GameOverlayRende...(mehr steht da nicht sorry) Trojanisches Pferd: W32/Malware.OHZZ Ich habe mehrmals Meine Virus Programm durchlaufen lassen und auch diverse dinge entfernt aber nie konnte man diesen Virus entfernen. Der Computer ist zur zeit Sehr Sehr langsam und ich kann kaum noch was machen mit dem Pc, und das in den Ferien . Ich hoffe ihr Könnt mir schnell helfen. Wäre echt super. Danke im Vorraus MFG |
13.10.2010, 17:43 | #2 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt Geändert von markusg (13.10.2010 um 18:40 Uhr) |
13.10.2010, 17:58 | #3 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen Ähm. Ich danke dir das du dir so eine große mühe gemacht hast. Aber es tut mir leid. Ich habe zu 90% nicht kappiert was ich machen soll. Ich habe nicht besonders Ahnung von PCs. Ich kann ins Internet und spiele Spiele auf dem PC. Ist das denn wirklich alles nötig und einen Trojaner zu entfernen? Hoffe es gibt noch eine andere möglichkeit. Sonst muss ich mir einen Spezialisten suchen der mit mir die ganzen Punkte von dir durchgeht. Mfg
__________________ |
13.10.2010, 18:14 | #4 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen ja klar gibts ne möglichkeit, formatieren... hast du dir das programm schon angesehen, dann kannst mir ja sagen wo du hängst. |
13.10.2010, 18:28 | #5 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen Direkt am anfang. Was soll ich in die word datei reinposten? Weil du meinstest DIE aber es ist ja nur ein Virus. Und ich weiß nicht genau was du damit meinst |
13.10.2010, 18:40 | #6 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen sorry schau mal, habs oben bearbeitet. |
13.10.2010, 18:44 | #7 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen so wenn der fertig ist was mach ich dann? danke dir habs jetz hingekriegt^^ |
13.10.2010, 18:45 | #8 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen na die beiden texte hier reinkopieren. du musst die evtl. aufteilen |
13.10.2010, 18:46 | #9 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen okay mach ich |
13.10.2010, 19:03 | #10 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen soll ich einfach den text hier rein kopieren oder wie soll ichs machen? |
13.10.2010, 19:14 | #11 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen naja ich machs einfach mal hier der Extras.Txt - Editor:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.10.2010 19:45:26 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\jojo\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 209,00 Mb Available Physical Memory | 20,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 42,19 Gb Free Space | 32,96% Space Free | Partition Type: NTFS Computer Name: HOME-5B7GXWKYIH | User Name: jojo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation) "C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Programme\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Programme\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Kopie von World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\Kopie von World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\Kopie von World of Warcraft\Launcher.exe" = C:\Programme\Kopie von World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- File not found "C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- File not found "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\World of Warcraft Public Test\Launcher.exe" = C:\Programme\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\World of Warcraft Public Test\Launcher.patch.exe" = C:\Programme\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Programme\Steam\SteamApps\common\medal of honor beta\MoHMPGame.exe" = C:\Programme\Steam\SteamApps\common\medal of honor beta\MoHMPGame.exe:*:Enabled:Medal of Honor Beta -- File not found "C:\Programme\Steam\SteamApps\common\medal of honor beta\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Programme\Steam\SteamApps\common\medal of honor beta\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Medal of Honor Beta -- File not found "C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment) "C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft) "C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment) "C:\Programme\Ubisoft\Gearbox Software\BrothersInArms\System\bia.exe" = C:\Programme\Ubisoft\Gearbox Software\BrothersInArms\System\bia.exe:*:Enabled:Brothers In Arms: Road to Hill 30 -- (Gearbox Software) "C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DECFC9F-2310-4C02-009A-B6758306EF00}" = FIFA 06 "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{704C87B4-B089-4415-BCE0-CBE76172F104}" = Norman Virus Control "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BE686891-3C56-4714-AFEF-341A7867BA80}" = Wireless Network Utility "{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "a-squared Free_is1" = a-squared Free 4.5 "BrothersInArms" = Brothers In Arms "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 5.3 "HP Photo & Imaging" = HP Image Zone 5.3 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "HPExtendedCapabilities" = HP Extended Capabilities 5.3 "ICQToolbar" = ICQ Toolbar "ie8" = Windows Internet Explorer 8 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Language pack for Ad-Aware SE 1.2" = Language pack for Ad-Aware SE 1.2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Norman Ad-Aware SE Professional" = Norman Ad-Aware SE Professional "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PunkBusterSvc" = PunkBuster Services "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trust keyboard utility 1.0" = Trust keyboard utility 1.0 "Trust mouse utility 1.0" = Trust mouse utility 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.2 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2010 19:27:39 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 01:27:39] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 12.10.2010 19:42:21 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 01:42:21] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 12.10.2010 19:46:26 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 01:46:26] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 12.10.2010 19:47:40 | Computer Name = HOME-5B7GXWKYIH | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.10.2010 19:48:01 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 01:48:01] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 12.10.2010 19:50:18 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 01:50:18] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 13.10.2010 12:03:51 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 18:03:51] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 13.10.2010 12:21:03 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 18:21:03] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.178.31 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 13.10.2010 13:39:52 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 19:39:52] -------------------------------------------------------- Application: NVC Cats Claw Node address: 127.0.0.1 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. Error - 13.10.2010 13:43:28 | Computer Name = HOME-5B7GXWKYIH | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/10/13 19:43:28] -------------------------------------------------------- Application: NVC Cats Claw Node address: 127.0.0.1 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Malware.OHZZ' Login information: User 'jojo' on host 'HOME-5B7GXWKYIH'. File infected: C:/Programme/Steam/GameOverlayRenderer.dll Virus repair error: Virus name: 'W32/Malware.OHZZ'. Repair failed. [ System Events ] Error - 13.10.2010 13:31:51 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "Norman ZANDA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:31:51 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Emsisoft Anti-Malware 5.0 - Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.10.2010 13:31:51 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:31:53 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:31:53 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:31:53 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:31:53 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "Norman NJeeves" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:32:02 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "Norman Virus Control Scheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:32:02 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7034 Description = Dienst "Norman Virus Control on-access component" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.2010 13:37:18 | Computer Name = HOME-5B7GXWKYIH | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PCASp50 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
13.10.2010, 19:15 | #12 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen so und hier die OTL.Txt - Editor datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.10.2010 19:45:26 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\jojo\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 209,00 Mb Available Physical Memory | 20,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 42,19 Gb Free Space | 32,96% Space Free | Partition Type: NTFS Computer Name: HOME-5B7GXWKYIH | User Name: jojo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\jojo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Xfire\Xfire.exe (Xfire Inc.) PRC - C:\Programme\Norman\Nse\Bin\Nsesvc.exe (Norman ASA) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Trust mouse utility\1.0\mouse32a.exe () PRC - C:\Programme\Trust keyboard utility\1.0\KBDAP32A.EXE () PRC - C:\Programme\Norman\Nvc\Bin\Nip.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\Nvcsched.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\CClaw.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\Nvcoas.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\jojo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Xfire\xfire_toucan_43094.dll (Xfire Inc.) MOD - C:\Programme\Trust mouse utility\1.0\MouseDll.dll () MOD - C:\Programme\Norman\Nvc\Bin\Niphk.dll (Norman ASA) MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (nsesvc) -- C:\Programme\Norman\nse\bin\NSESVC.EXE (Norman ASA) SRV - (a2free) -- C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV - (NVCScheduler) -- C:\Programme\Norman\Nvc\Bin\Nvcsched.exe (Norman ASA) SRV - (nvcoas) -- C:\Programme\Norman\Nvc\bin\nvcoas.exe (Norman ASA) SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe (Norman ASA) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (rt2870) -- C:\WINDOWS\System32\DRIVERS\rt2870.sys File not found DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found DRV - (FXDrv32) -- E:\FXDrv32.sys File not found DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH) DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys (Norman ASA) DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA) DRV - (NGS) -- c:\Programme\Norman\Nvc\Bin\ngs.sys (Norman ASA) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.04.07 19:39:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2010.04.20 11:22:53 | 000,000,000 | ---D | M] [2010.06.10 13:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla\Extensions [2010.06.10 13:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010.07.07 14:25:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla\Firefox\Profiles\mty9cdja.default\extensions [2010.07.07 14:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla\Firefox\Profiles\mty9cdja.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla\Firefox\Profiles\mty9cdja.default\searchplugins\icqplugin.xml O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [FLMTRUSTKB] C:\Programme\Trust keyboard utility\1.0\KBDAP32A.EXE () O4 - HKLM..\Run: [FLMTRUSTMOUSE] C:\Programme\Trust mouse utility\1.0\mouse32a.exe () O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003..\Run: [UniblueRegistryBooster] C:\Programme\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Network Utility.lnk = C:\Programme\Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.) O4 - Startup: C:\Dokumente und Einstellungen\jojo\Startmenü\Programme\Autostart\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1220945662-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268562049671 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.14 12:14:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point (66723124397211648) ========== Files/Folders - Created Within 30 Days ========== [2010.10.13 19:31:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010.10.13 19:29:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jojo\Desktop\OTL.exe [2010.10.13 01:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.10.12 22:01:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.12 22:01:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.12 21:59:58 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.12 19:55:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\EurekaLog [2010.10.12 19:54:05 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.10.12 19:53:42 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware [2010.10.12 19:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\Anti-Malware [2010.10.12 19:53:12 | 096,140,336 | ---- | C] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\a2AntiMalwareSetup.exe [2010.10.12 19:52:11 | 005,273,520 | ---- | C] (Uniblue Systems Ltd ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\registrybooster.exe [2010.10.12 19:43:09 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free [2010.10.12 19:43:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\a-squared Free [2010.10.12 19:36:31 | 086,402,920 | ---- | C] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\a2FreeSetup.exe [2010.10.12 18:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Gearbox Software [2010.10.12 18:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages [2010.10.12 18:31:09 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll [2010.10.12 18:31:09 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys [2010.10.12 18:31:09 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys [2010.10.12 18:31:09 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys [2010.10.12 18:31:09 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll [2010.10.12 18:31:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax [2010.10.12 18:31:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax [2010.10.12 18:31:09 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys [2010.10.12 18:31:09 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys [2010.10.12 18:31:09 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys [2010.10.12 18:31:09 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys [2010.10.12 18:31:09 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys [2010.10.12 18:31:09 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys [2010.10.12 18:31:08 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll [2010.10.12 18:31:08 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll [2010.10.12 18:31:08 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdv.dll [2010.10.12 18:31:08 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax [2010.10.12 18:31:08 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax [2010.10.12 18:31:08 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcap.dll [2010.10.12 18:31:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax [2010.10.12 18:31:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax [2010.10.12 18:31:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qasf.dll [2010.10.12 18:31:08 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\devenum.dll [2010.10.12 18:31:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax [2010.10.12 18:31:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax [2010.10.12 18:31:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys [2010.10.12 18:31:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax [2010.10.12 18:31:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax [2010.10.12 18:31:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax [2010.10.12 18:31:08 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys [2010.10.12 18:31:08 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys [2010.10.12 18:31:08 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys [2010.10.12 18:31:07 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll [2010.10.12 18:31:07 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe [2010.10.12 18:31:07 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll [2010.10.12 18:31:07 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll [2010.10.12 18:31:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll [2010.10.12 18:31:07 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll [2010.10.12 18:31:07 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll [2010.10.12 18:31:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll [2010.10.12 18:31:07 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll [2010.10.12 18:31:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe [2010.10.12 18:31:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll [2010.10.12 18:31:07 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll [2010.10.12 18:31:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll [2010.10.12 18:31:06 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll [2010.10.12 18:31:06 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll [2010.10.12 18:31:06 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll [2010.10.12 18:31:06 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll [2010.10.12 18:31:06 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll [2010.10.12 18:31:06 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll [2010.10.12 18:31:06 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll [2010.10.12 18:31:06 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll [2010.10.12 18:31:06 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll [2010.10.12 18:31:06 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll [2010.10.12 18:31:06 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll [2010.10.12 18:31:06 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl [2010.10.12 18:31:06 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll [2010.10.12 18:31:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll [2010.10.12 18:31:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe [2010.10.12 18:31:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll [2010.10.12 18:31:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll [2010.10.12 18:31:06 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll [2010.10.12 18:31:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll [2010.10.12 18:31:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll [2010.10.12 18:31:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe [2010.10.12 18:31:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll [2010.10.12 18:31:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll [2010.10.12 18:31:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe [2010.10.12 18:31:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll [2010.10.12 18:31:06 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll [2010.10.12 18:31:06 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll [2010.10.12 18:08:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\My Games [2010.10.12 17:56:34 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2010.10.05 21:21:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\PunkBuster [2010.10.05 21:21:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\EA Games [2010.10.03 17:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\ICQ [2010.09.27 14:43:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\DVDVideoSoft [2010.09.18 17:05:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\EAMECEPSE [2010.09.18 12:22:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010.09.17 20:14:59 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft Public Test [2010.09.15 19:48:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire [2010.09.15 19:47:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Xfire [2010.09.14 23:03:02 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar [2010.09.14 23:02:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.09.14 23:02:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\ICQ [2010.09.14 23:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\AOL [2010.09.14 23:01:50 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 ========== Files - Modified Within 30 Days ========== [2010.10.13 19:37:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.13 19:37:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.13 19:37:19 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.10.13 19:37:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.13 19:29:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jojo\Desktop\OTL.exe [2010.10.13 19:04:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.13 18:13:10 | 000,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk [2010.10.13 15:26:01 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.13 02:48:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.13 01:38:39 | 010,969,088 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\SteamInstall_German.msi [2010.10.12 19:54:08 | 000,000,729 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.10.12 19:54:02 | 000,000,668 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk [2010.10.12 19:53:14 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\a2AntiMalwareSetup.exe [2010.10.12 19:52:11 | 005,273,520 | ---- | M] (Uniblue Systems Ltd ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\registrybooster.exe [2010.10.12 19:43:26 | 000,000,628 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\a-squared Free.lnk [2010.10.12 19:37:00 | 086,402,920 | ---- | M] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\a2FreeSetup.exe [2010.10.12 18:30:53 | 000,001,943 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Desktop\Brothers In Arms.lnk [2010.10.12 18:04:11 | 000,001,726 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Far*Cry®*2.lnk [2010.10.12 18:01:58 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.10.12 18:01:58 | 000,139,152 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\PnkBstrK.sys [2010.10.12 18:01:36 | 002,793,768 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe [2010.10.10 18:19:20 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.10 17:10:33 | 806,227,984 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\CoDMW2EnglishPatch.exe [2010.10.06 22:08:26 | 000,218,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.10.05 21:16:00 | 002,601,752 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_moh.exe [2010.10.04 14:11:32 | 000,538,434 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.04 14:11:32 | 000,511,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.04 14:11:32 | 000,110,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.04 14:11:32 | 000,091,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.09.15 19:47:52 | 000,000,622 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Startmenü\Programme\Autostart\Xfire.lnk ========== Files Created - No Company Name ========== [2010.10.13 01:39:15 | 000,002,183 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk [2010.10.13 01:38:39 | 010,969,088 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\SteamInstall_German.msi [2010.10.12 19:54:17 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.10.12 19:54:08 | 000,000,729 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.10.12 19:54:02 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk [2010.10.12 19:43:26 | 000,000,628 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\a-squared Free.lnk [2010.10.12 18:31:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.10.12 18:31:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll [2010.10.12 18:31:09 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax [2010.10.12 18:31:09 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax [2010.10.12 18:31:09 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax [2010.10.12 18:31:09 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax [2010.10.12 18:31:08 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll [2010.10.12 18:31:08 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax [2010.10.12 18:31:08 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll [2010.10.12 18:31:08 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll [2010.10.12 18:31:08 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll [2010.10.12 18:30:53 | 000,001,943 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Desktop\Brothers In Arms.lnk [2010.10.12 18:04:11 | 000,001,726 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Far*Cry®*2.lnk [2010.10.10 17:07:04 | 806,227,984 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Eigene Dateien\CoDMW2EnglishPatch.exe [2010.10.05 21:21:18 | 000,218,496 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.10.05 21:20:02 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe [2010.09.15 19:47:52 | 000,000,622 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Startmenü\Programme\Autostart\Xfire.lnk [2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.05.09 13:39:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini [2010.04.24 20:11:46 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.09 14:10:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.04.09 12:45:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.04.01 18:29:03 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.04.01 18:29:03 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\PnkBstrK.sys [2010.03.14 18:48:49 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\jojo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.03.14 15:42:09 | 000,000,741 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2010.03.14 12:07:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001.07.06 16:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2010.03.15 11:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.09.14 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.06 13:08:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2010.04.10 21:31:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{840F1DFF-CB7C-4489-A648-ED35A19AF232} [2010.04.10 21:31:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7462C20-CB60-4322-81C9-47EDF287BFD9} [2010.03.14 19:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Acreon [2010.03.15 13:51:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Azureus [2010.05.28 22:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.10.12 19:55:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\EurekaLog [2010.10.12 18:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Gearbox Software [2010.10.12 16:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\ICQ [2010.04.05 16:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Norman [2010.03.14 17:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\TS3Client [2010.03.14 16:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Uniblue [2010.08.14 21:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Windows Search [2010.10.13 19:37:19 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.03.14 19:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Acreon [2010.03.15 13:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Adobe [2010.03.15 13:51:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Azureus [2010.05.28 22:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.10.12 19:55:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\EurekaLog [2010.10.12 18:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Gearbox Software [2010.07.01 21:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Google [2010.03.14 15:42:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\HP [2010.10.12 16:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\ICQ [2010.03.14 12:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Identities [2010.08.15 16:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\InstallShield [2010.03.14 12:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Macromedia [2010.07.31 13:40:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Microsoft [2010.06.10 13:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Mozilla [2010.08.01 16:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\MSN6 [2010.04.05 16:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Norman [2010.10.13 19:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Skype [2010.10.13 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\skypePM [2010.03.14 15:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Sun [2010.04.27 14:19:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\teamspeak2 [2010.03.14 17:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\TS3Client [2010.03.14 16:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Uniblue [2010.08.15 16:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\vlc [2010.08.14 21:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Windows Search [2010.03.14 23:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\WinRAR [2010.10.12 18:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Xfire < %APPDATA%\*.exe /s > [2010.03.14 19:10:27 | 000,272,384 | ---- | M] () -- C:\Dokumente und Einstellungen\jojo\Anwendungsdaten\Acreon\WowMatrix\Modules\curl.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2010.03.14 12:31:03 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.07.10 08:16:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.03.14 12:31:03 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2010.07.10 08:16:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2010.03.14 12:31:03 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.07.10 08:16:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.03.14 12:31:03 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2010.07.10 08:16:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys [2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 09:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.03.14 13:05:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.03.14 13:05:28 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.03.14 13:05:28 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < End of report > |
13.10.2010, 19:19 | #13 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen mal ne frage, irgendwie siehts so aus als hättest du emsisoft 2 mal instaliert? nutzt du die free oder die bezahl version? |
13.10.2010, 19:27 | #14 |
| Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen ích weiß zwar nicht was das ist aber dann auf jeden fall die kostenlose. Weil bezahlen tu ich für sowas nicht |
13.10.2010, 19:28 | #15 |
/// Malware-holic | Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten. naja gut die machen ihren job damit du geschützt sind, ich halte es nicht für falsch zu bezahlen bzw geld zu verlangen für arbeit, machen ja andere arbeitgeber auch oder gehst du für lauh arbeiten :d |
Themen zu Norman Ad-Aware SE Profesional kann Trojaner nicht entfernen |
ad-aware, call of duty, computer, control, dinge, diverse, entdeck, entdeckt, entfernen, entfernt, folge, folgendes, langsam, norman, pferd, programm, programme, schnell, sehr langsam, spiele, steam, trojaner, trojanisches, trojanisches pferd, update, updaten, virus |