Gozi infection on one or more of 4 computers (Windows 7)

#1
Gozi infection on one or more of 4 computers.

Hello, today comdirect blocked my account. When I asked, I was told that I had logged in from a computer infected with Gozi. In various forums I have read that Gozi not only steals login credentials but also prompts for TANs. According to comdirect that is not the case; only login credentials are requested. Oddly enough, about 4 weeks ago, when logging in from one of my computers (TV room), I was prompted to enter TANs. So either a different pest was at work there, or comdirect's statement is not correct. Be that as it may, one or more of my computers are infected. AntiVir Premium Suite did not react with the default settings. So this evening I am already posting the OTL files from the first two computers, and tomorrow during the day those from the other two. If it turns out that only one computer is affected, does it make sense to take it out of service for now and hope that an antivirus program will soon be able to remove Gozi, or is that not advisable?

In any case, here are the files from the first two computers. I followed these instructions:

Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Paste the following into the text box:

```
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
```

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.

Computer 1 (Windows 7, living room): OTL.txt:
```
OTL logfile created on: 22.11.2010 21:01:43 - Run 1
OTL by OldTimer - Version  Folder = C:\Users\Uwe\Downloads\Orbit
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 355,34 Gb Total Space | 168,75 Gb Free Space | 47,49% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 83,72 Gb Free Space | 85,74% Space Free | Partition Type: NTFS
Drive F: | 155,84 Gb Total Space | 116,55 Gb Free Space | 74,79% Space Free | Partition Type: NTFS

Computer Name: ACER-LAPTOP-UWE | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Uwe\Downloads\Orbit\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Uwe\Downloads\Orbit\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys File not found
DRV - (cpuz130) -- C:\Users\Uwe\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (EgisTec)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\SPCA561.SYS (SP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?referrer=theme_ign"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 11:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 05:52:16 | 000,000,000 | ---D | M]

[2010.02.24 08:34:06 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions
[2010.02.10 20:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.24 08:34:06 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.11.13 09:54:49 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions
[2010.04.28 03:22:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 14:44:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.09 03:16:38 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.05.21 04:57:03 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.11.07 09:28:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.01 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\firefox@tvunetworks.com
[2010.09.12 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\vshare@toolbar
[2010.05.21 04:54:22 | 000,002,354 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\FireFox\Profiles\dxjpuw4o.default\searchplugins\ecosia.xml
[2010.09.12 14:36:03 | 000,001,583 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\FireFox\Profiles\dxjpuw4o.default\searchplugins\web-search.xml
[2010.11.01 11:10:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.14 06:27:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.23 04:54:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.19 19:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.31 11:45:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.31 11:45:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.31 11:45:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.31 11:45:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.31 11:45:17 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft
```
shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.11.21 06:21:45 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4c34d0f2-f489-11de-b43e-001f16c0fe23}\Shell - "" = AutoRun O33 - MountPoints2\{4c34d0f2-f489-11de-b43e-001f16c0fe23}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found O33 - MountPoints2\{894bf66f-0d9c-11df-b41e-001f16c0fe23}\Shell - "" = AutoRun O33 - MountPoints2\{894bf66f-0d9c-11df-b41e-001f16c0fe23}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found O33 - MountPoints2\{b167293c-ac02-11df-ba65-001f16c0fe23}\Shell - "" = AutoRun O33 - MountPoints2\{b167293c-ac02-11df-ba65-001f16c0fe23}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O33 - MountPoints2\{d4bc936c-fdf0-11de-b59d-001f16c0fe23}\Shell - "" = AutoRun O33 - MountPoints2\{d4bc936c-fdf0-11de-b59d-001f16c0fe23}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{f661c02a-2745-11df-a204-000a94f54b73}\Shell - "" = AutoRun O33 - MountPoints2\{f661c02a-2745-11df-a204-000a94f54b73}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Azureus - hkey= - key= - C:\Programme\Vuze\Azureus.exe (Vuze Inc.) MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig - StartUpReg: WatchMyCam - hkey= - key= - C:\Programme\WatchMyCam\WatchMyCam.exe (www.WatchMyCam.de) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !) 
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.I420 - MSH263.DRV File not found Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010.11.05 06:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2010.11.05 06:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010.11.05 06:14:49 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.11.05 06:13:35 | 000,105,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2010.11.05 06:13:35 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2010.11.05 06:13:27 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.11.05 06:13:27 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010.11.05 06:13:26 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2010.11.05 06:13:26 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010.11.05 06:13:25 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010.11.05 06:13:25 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010.11.05 06:13:25 | 004,553,832 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\System32\nvcuda.dll [2010.11.05 06:13:25 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010.11.05 06:13:25 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010.11.05 06:13:25 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll [2010.11.05 06:13:23 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010.11.05 06:13:23 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll [2010.11.05 06:13:23 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll [2010.11.05 06:13:17 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010.11.05 05:03:12 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo [2010.11.03 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Avira [2010.11.03 19:57:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.11.03 19:57:11 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.03 19:57:11 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2010.11.03 19:57:11 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2010.11.03 19:57:11 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.03 19:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.26 19:37:42 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.26 19:37:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.26 19:37:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.26 19:37:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.26 19:37:34 | 000,026,504 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\Diskdump.sys [2009.11.10 22:21:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.11.22 21:03:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.11.22 20:43:29 | 000,015,432 | ---- | M] () -- C:\Users\Uwe\Desktop\OTL.exe [2010.11.22 20:24:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.22 20:07:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.11.22 19:23:53 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.22 19:23:53 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.22 19:19:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.22 19:16:50 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.22 19:16:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.11.22 19:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.22 19:16:22 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys [2010.11.22 18:38:53 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.22 17:13:35 | 000,014,848 | ---- | M] () -- C:\Users\Uwe\Desktop\Bowlingtunier.xls [2010.11.22 17:13:23 | 000,018,432 | ---- | M] () -- C:\Users\Uwe\Desktop\Stadionbegehung 28112010.xls [2010.11.22 16:57:29 | 000,004,086 | ---- | M] () -- C:\Users\Uwe\Documents\zensus 2011.ideva [2010.11.20 13:30:31 | 000,000,065 | ---- | M] () -- C:\Windows\Wor.INI [2010.11.19 07:37:45 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.19 07:37:45 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.19 07:37:45 | 
000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.19 07:37:45 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.19 06:25:34 | 000,000,084 | ---- | M] () -- C:\Windows\Was.INI [2010.11.16 06:07:46 | 000,000,085 | ---- | M] () -- C:\Windows\Wks.INI [2010.11.14 11:49:19 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2010.11.10 18:31:18 | 000,018,432 | ---- | M] () -- C:\Users\Uwe\Desktop\Stadionbegehung.xls [2010.11.10 06:14:52 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\ZVPlan.lnk [2010.11.04 21:54:07 | 000,000,027 | ---- | M] () -- C:\Windows\Wop.INI [2010.11.04 18:40:00 | 000,255,263 | ---- | M] () -- C:\Users\Uwe\Desktop\Uwe_1000x600.jpg [2010.11.03 19:57:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.24 10:13:36 | 000,011,776 | ---- | M] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.11.22 20:42:09 | 000,015,432 | ---- | C] () -- C:\Users\Uwe\Desktop\OTL.exe [2010.11.22 16:57:29 | 000,004,086 | ---- | C] () -- C:\Users\Uwe\Documents\zensus 2011.ideva [2010.11.14 11:49:19 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2010.11.10 18:31:28 | 000,018,432 | ---- | C] () -- C:\Users\Uwe\Desktop\Stadionbegehung 28112010.xls [2010.11.05 06:13:27 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2010.11.04 18:40:00 | 000,255,263 | ---- | C] () -- C:\Users\Uwe\Desktop\Uwe_1000x600.jpg [2010.11.03 19:57:27 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.11.01 14:24:13 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\ZVPlan.lnk [2010.10.25 05:57:16 | 000,018,432 | ---- | C] () -- C:\Users\Uwe\Desktop\Stadionbegehung.xls [2010.09.06 04:32:19 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2010.09.02 08:15:18 | 000,004,096 | -H-- | C] () -- 
C:\Users\Uwe\AppData\Local\keyfile3.drm [2010.07.01 11:26:25 | 000,000,035 | ---- | C] () -- C:\Windows\Wmv.INI [2010.05.09 03:34:13 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2010.05.04 06:25:47 | 000,000,051 | ---- | C] () -- C:\Windows\Wds.INI [2010.04.04 06:06:01 | 000,000,027 | ---- | C] () -- C:\Windows\Wop.INI [2010.03.18 07:47:59 | 000,000,060 | ---- | C] () -- C:\Windows\Wis.INI [2010.02.07 10:49:08 | 000,011,776 | ---- | C] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.07 09:58:40 | 000,000,000 | ---- | C] () -- C:\Windows\Waa.INI [2010.02.03 19:06:44 | 000,000,028 | ---- | C] () -- C:\Windows\WPE.INI [2009.12.09 18:33:55 | 000,000,084 | ---- | C] () -- C:\Windows\Was.INI [2009.12.02 10:16:27 | 000,000,000 | ---- | C] () -- C:\Windows\WSB.INI [2009.12.02 10:16:24 | 000,000,065 | ---- | C] () -- C:\Windows\Wor.INI [2009.12.02 10:16:23 | 000,000,085 | ---- | C] () -- C:\Windows\Wks.INI [2009.12.02 09:37:33 | 000,000,130 | ---- | C] () -- C:\Windows\uno.ini [2009.11.26 19:09:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.26 08:25:35 | 000,008,114 | ---- | C] () -- C:\Users\Uwe\AppData\Local\MyWinLockerInstaller.txt-20091126.log [2009.11.26 08:19:08 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.11.23 19:23:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.23 13:08:56 | 000,001,641 | ---- | C] () -- C:\Users\Uwe\AppData\Local\MyWinLockerInstaller.txt-20091123.log [2009.11.19 20:25:18 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2009.11.19 20:25:18 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2009.11.19 20:25:18 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2009.11.14 11:37:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.11.10 13:58:07 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.08.27 20:04:44 | 000,560,802 | ---- | C] () -- 
C:\Windows\System32\libmplayer.dll [2009.08.27 20:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009.08.27 20:03:52 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009.08.25 19:07:36 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009.08.25 18:38:04 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.08.25 17:56:56 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.08.25 17:37:02 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.02 18:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009.06.02 18:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009.06.02 18:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009.06.02 18:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009.06.02 18:14:30 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009.06.02 18:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009.06.02 18:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009.06.02 18:11:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll [2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- 
C:\Windows\System32\mkx.dll [2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll [2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll [2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll [2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll [2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll [2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll [2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.11.18 16:32:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.11.18 16:32:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2010.05.25 04:09:36 | 000,000,000 | -HSD | M] -- C:\Users\Uwe\AppData\Roaming\.# [2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer [2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer GameZone Console [2010.01.12 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Ashampoo [2010.11.16 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Azureus [2009.12.07 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.03 04:49:18 | 
000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DaCamYoWebcam [2009.11.26 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite [2009.12.26 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Funambol [2010.11.05 05:09:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo [2010.04.16 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GrabPro [2010.02.26 06:05:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\hdbADS [2010.09.19 03:44:46 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\JLC's Software [2010.11.22 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor [2010.11.22 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Orbit [2009.11.19 06:26:38 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PowerCinema [2010.08.20 04:27:08 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ProgSense [2010.05.09 03:33:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ShareTV [2009.12.05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\SoftDMA [2010.08.25 07:05:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Spamihilator [2010.10.05 05:40:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TeamViewer [2010.02.10 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird [2010.02.24 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TomTom [2009.12.04 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TuneUp Software [2010.08.13 04:13:53 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\XSManager [2010.11.13 13:59:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.22 21:03:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.11.22 20:07:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job 
========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.25 04:09:36 | 000,000,000 | -HSD | M] -- C:\Users\Uwe\AppData\Roaming\.#
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer GameZone Console
[2009.12.07 12:53:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Adobe
[2010.01.12 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Ashampoo
[2010.11.03 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Avira
[2010.11.16 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Azureus
[2009.12.07 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.06.30 16:23:12 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\CyberLink
[2010.09.03 04:49:18 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DaCamYoWebcam
[2009.11.26 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite
[2010.06.15 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DivX
[2010.09.23 17:21:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\dvdcss
[2009.12.26 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Funambol
[2010.11.05 05:09:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Google
[2010.04.16 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GrabPro
[2010.02.26 06:05:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\hdbADS
[2009.11.18 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Identities
[2009.11.18 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\InstallShield
[2010.09.19 03:44:46 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\JLC's Software
[2009.11.18 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Macromedia
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Media Center Programs
[2010.10.27 10:38:04 | 000,000,000 | --SD | M] -- C:\Users\Uwe\AppData\Roaming\Microsoft
[2009.11.23 08:29:29 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Mozilla
[2010.11.22 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor
[2010.11.22 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Orbit
[2009.11.19 06:26:38 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PowerCinema
[2010.08.20 04:27:08 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ProgSense
[2010.02.06 17:52:48 | 000,000,000 | RH-D | M] -- C:\Users\Uwe\AppData\Roaming\SecuROM
[2010.05.09 03:33:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ShareTV
[2010.11.19 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Skype
[2010.11.19 18:41:43 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\skypePM
[2009.12.05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\SoftDMA
[2010.08.25 07:05:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Spamihilator
[2009.12.17 19:19:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\teamspeak2
[2010.10.05 05:40:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TeamViewer
[2010.02.10 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
[2010.02.24 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TomTom
[2009.12.04 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TuneUp Software
[2010.11.13 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\vlc
[2010.08.13 04:13:53 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\XSManager

< %APPDATA%\*.exe /s >
[2010.09.10 05:31:28 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Uwe\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2009.12.07 12:53:13 | 000,038,208 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6F5BD9A189C47F56F83B7E.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6FEFF9B68218417F98F549.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_C46CDCCA9E79F204FAD883.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.02.12 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 08:19:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E

< End of report >

Extras.txt (OTL logfile):
OTL Extras logfile created on: 22.11.2010 21:01:43 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Uwe\Downloads\Orbit
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 355,34 Gb Total Space | 168,75 Gb Free Space | 47,49% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 83,72 Gb Free Space | 85,74% Space Free | Partition Type: NTFS
Drive F: | 155,84 Gb Total Space | 116,55 Gb Free Space | 74,79% Space Free | Partition Type: NTFS

Computer Name: ACER-LAPTOP-UWE | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.6
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor x86
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.10 beta
"8461-7759-5462-8226" = Vuze
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"IsoBuster_is1" = IsoBuster 2.8
"LManager" = Launch Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"POI FINDER (iGO My way 8)_is1" = POI FINDER 3.67 (iGO My way 8)
"RarZilla Free Unrar" = RarZilla Free Unrar
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7
"Suunto Dive Manager_is1" = Suunto Dive Manager 3.1.0
"SuuntoUSBFTDIVista_is1" = Suunto USB Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME
"TuneUp Utilities" = TuneUp Utilities
"TVUPlayer" = TVUPlayer
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WatchMyCam_is1" = WatchMyCam - Live Video Streaming
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
"ZVPLAN" = ZVPLAN 1.0.14

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.07.2010 04:04:36 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description =

Error - 07.07.2010 07:32:53 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description =

Error - 07.07.2010 08:02:05 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description =

Error - 07.07.2010 08:10:29 | Computer Name = Acer-Laptop-Uwe | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.

Error - 07.07.2010 08:11:35 | Computer Name = Acer-Laptop-Uwe | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\windows live\messenger\wlcsdk.exe". Dependent assembly "UCCAPI,processorArchitecture="x86",type="win32",version=""" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 07.07.2010 09:02:05 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description =

Error - 07.07.2010 11:40:53 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description =

Error - 07.07.2010 14:24:04 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description =

Error - 07.07.2010 23:30:37 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description =

Error - 08.07.2010 03:00:21 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 24.09.2010 21:17:37 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 08:17:37 - Error connecting to the Internet. 08:17:37 - Could not establish a connection to the server.

Error - 24.09.2010 21:17:43 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 08:17:42 - Error connecting to the Internet. 08:17:42 - Could not establish a connection to the server.

Error - 24.09.2010 23:19:01 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 10:19:01 - Error connecting to the Internet. 10:19:01 - Could not establish a connection to the server.

Error - 24.09.2010 23:19:11 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 10:19:06 - Error connecting to the Internet. 10:19:06 - Could not establish a connection to the server.

Error - 26.09.2010 02:48:42 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 13:48:42 - Error connecting to the Internet. 13:48:42 - Could not establish a connection to the server.

Error - 26.09.2010 02:48:51 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 13:48:47 - Error connecting to the Internet. 13:48:47 - Could not establish a connection to the server.
Error - 26.09.2010 04:01:16 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 15:01:16 - Error connecting to the Internet. 15:01:16 - Could not establish a connection to the server.

Error - 26.09.2010 04:01:21 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 15:01:21 - Error connecting to the Internet. 15:01:21 - Could not establish a connection to the server.

Error - 08.11.2010 15:38:50 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 20:38:50 - Error connecting to the Internet. 20:38:50 - Could not establish a connection to the server.

Error - 08.11.2010 15:39:24 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 20:39:20 - Error connecting to the Internet. 20:39:20 - Could not establish a connection to the server.

[ System Events ]
Error - 19.11.2010 13:38:07 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "int15" service failed to start due to the following error: %%2

Error - 19.11.2010 13:38:07 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "MyWinLocker Service" service failed to start due to the following error: %%2

Error - 20.11.2010 01:05:43 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "int15" service failed to start due to the following error: %%2

Error - 20.11.2010 01:05:43 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "MyWinLocker Service" service failed to start due to the following error: %%2

Error - 21.11.2010 04:23:20 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "int15" service failed to start due to the following error: %%2

Error - 21.11.2010 04:23:20 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "MyWinLocker Service" service failed to start due to the following error: %%2

Error - 22.11.2010 11:38:45 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "int15" service failed to start due to the following error: %%2

Error - 22.11.2010 11:38:45 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "MyWinLocker Service" service failed to start due to the following error: %%2

Error - 22.11.2010 14:16:33 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "int15" service failed to start due to the following error: %%2

Error - 22.11.2010 14:16:33 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = The "MyWinLocker Service" service failed to start due to the following error: %%2

< End of report >

Last edited by Uwe P. (22.11.2010, 21:55)
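An added example, not part of Uwe P.'s post and not OTL's own code: a small Python parser for the "< MD5 for: ... >" blocks OTL prints (the ones in the log above) that flags any live copy under %SystemRoot% whose MD5 matches none of the WinSxS/DriverStore reference copies, or that carries no company name, and separately lists the files for which OTL could not compute a hash at all. That is the check a helper runs on those blocks by eye: a banking trojan that patches userinit.exe, winlogon.exe or explorer.exe in place shows up as a System32 copy whose hash no servicing-store copy shares. The sample input is constructed in OTL's layout (the winlogon.exe hash and the empty company field in it are invented so the check has something to report); the function names and the SAMPLE_OTL text are this example's own.

```python
import re

# Constructed sample in the layout OTL uses for its "< MD5 for: ... >" blocks.
# Assumption: this is NOT the log from the post. The System32 winlogon.exe
# entry carries a made-up hash and an empty company field so the check has
# something to report; the sptd.sys line mirrors the "Unable to obtain MD5"
# form OTL prints for locked drivers.
SAMPLE_OTL = r"""
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 08:19:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+) \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
# Reference copies live in the component store (WinSxS) and the driver store.
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\")


def parse_otl_md5(text):
    """Return (sections, unhashed).

    sections maps the name from a '< MD5 for: NAME >' header to the entries
    listed under it; unhashed collects every path for which OTL printed
    'Unable to obtain MD5', wherever in the log it appears."""
    sections, unhashed, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<") and line.endswith(">"):
            # Any "< ... >" line starts a new block; only MD5 blocks are kept.
            h = HEADER_RE.match(line)
            current = h.group("name").strip() if h else None
            if current is not None:
                sections.setdefault(current, [])
            continue
        if line.startswith("=========="):
            current = None
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        if e.group("md5") is None:
            unhashed.append(e.group("path").strip())
        elif current is not None:
            sections[current].append({
                "path": e.group("path").strip(),
                "md5": e.group("md5").upper(),
                "company": e.group("company").strip(),
                "size": int(e.group("size").replace(",", "")),
            })
    return sections, unhashed


def is_store_copy(path):
    p = path.lower()
    return any(m in p for m in STORE_MARKERS)


def is_live_copy(path):
    """A copy under %SystemRoot% that is not a WinSxS/DriverStore reference."""
    return "\\windows\\" in path.lower() and not is_store_copy(path)


def check_live_copies(sections):
    """Flag live copies that no servicing-store copy vouches for."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if not store_hashes:
                findings.append((name, e["path"], "no_store_copy"))
            elif e["md5"] not in store_hashes:
                findings.append((name, e["path"], "hash_not_in_store"))
            if not e["company"]:
                findings.append((name, e["path"], "no_company_name"))
    return findings


if __name__ == "__main__":
    secs, unhashed = parse_otl_md5(SAMPLE_OTL)
    for f in check_live_copies(secs):
        print("FLAG", *f)
    for p in unhashed:
        print("NO-MD5", p)
```

Run over the log actually posted above, every System32 copy in the MD5 section matches a WinSxS or DriverStore copy (explorer.exe matches the 6.1.7600.16450 store copy, winlogon.exe the 16447 one), so the check reports nothing; the only entry without a hash is sptd.sys, the SCSI pass-through driver that comes with DAEMON Tools (DAEMON Tools Lite appears in the AppData listing), which is why that line sits under the "/lockedfiles" scan rather than under a MD5 block. A match against the store only says the file is an unmodified Microsoft binary; it says nothing about user-mode injection, which is how Gozi-class trojans usually operate, so the rest of the log still has to be read.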
#2

Computer 2 (Windows XP, TV room, "Werkbank" partition)

OTL.txt (OTL logfile):
OTL logfile created on: 22.11.2010 21:48:49 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 23,33 Gb Free Space | 47,77% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 2,88 Gb Free Space | 7,37% Space Free | Partition Type: NTFS
Drive E: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive H: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS

Computer Name: ZENTRALE | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\vsnpstd3.exe () PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG) PRC - C:\WINDOWS\tsnpstd3.exe () PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\nvueemon.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd) 
========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ASKUpgrade) -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe () SRV - (ASKService) -- C:\Programme\AskBarDis\bar\bin\AskService.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG) SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found DRV - (CTERFXFX.DLL) -- C:\WINDOWS\System32\CTERFXFX.DLL File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) 
-- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.dll (Creative Technology Ltd.) 
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\ctsblfx.dll (Creative Technology Ltd) DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\cteapsfx.dll (Creative Technology Ltd) DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\ctaudfx.dll (Creative Technology Ltd) DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\commonfx.dll (Creative Technology Ltd) DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (HCW88BDA) -- C:\WINDOWS\system32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) 
DRV - (HCW88AUD) -- C:\WINDOWS\system32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc) DRV - (HCW88TSE) -- C:\WINDOWS\system32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG) DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) 
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (CoolerXPDriver) -- C:\Programme\MSI\PC Alert 4\NTCooler.sys (Your Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten, aktuelle Schlagzeilen und Videos - n-tv.de IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledItems: 
{E9A1DEE0-C623-4439-8932-001E7D17607D}: FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.04 18:28:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.12 13:29:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.20 12:36:41 | 000,000,000 | ---D | M] [2008.11.22 18:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions [2008.04.29 14:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.11.15 16:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions [2010.10.01 16:57:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.01 15:36:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.20 13:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.11.15 16:01:43 | 000,000,000 | ---D 
| M] -- C:\Programme\Mozilla Firefox\extensions [2008.08.14 16:19:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.08.14 16:19:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com [2010.11.12 13:29:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.12 13:29:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.12 13:29:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.12 13:29:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.12 13:29:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.02 06:47:42 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) 
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Lite 3\PDF-XChange PDF Viewer\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [Helper] C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Helper\bin\liveu.exe () O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [Setinx] C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe\Update\widnat.exe () O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: 
Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.) 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class) O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} hxxp://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame 
Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.28 15:48:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.01.23 17:23:57 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9a7ac880-15eb-11dd-8b14-00000000cc8a}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: cleaarts - (C:\WINDOWS\system32\nvueemon.dll) - C:\WINDOWS\system32\nvueemon.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PC Alert 4.lnk - C:\Programme\MSI\PC Alert 4\PCAlert4.exe - () MsConfig - StartUpReg: C66 - hkey= - key= - File not found MsConfig - StartUpReg: LiveMonitor - hkey= - key= - C:\Programme\MSI\Live Update 3\LMonitor.exe () MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe File not found MsConfig - State: "system.ini" - 0 
MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group 
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: 
Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\UBCD4Win\BartPE\I386\SYSTEM32\NETLOGON.DLL [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\Win2K\NvAtaBus.sys [2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\WinXP\NvAtaBus.sys [2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- 
C:\WINDOWS\system32\drivers\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SCECLI.DLL [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USER32.DLL [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | 
---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\WS2IFSL.SYS [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.10.21 19:18:23 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2005.12.28 16:35:43 | 000,094,208 | ---- | M] () -- 
C:\WINDOWS\system32\config\default.sav [2005.12.28 16:35:42 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.12.28 16:35:42 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > Extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 22.11.2010 21:48:49 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 23,33 Gb Free Space | 47,77% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 2,88 Gb Free Space | 7,37% Space Free | Partition Type: NTFS
Drive E: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive H: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS

Computer Name: ZENTRALE | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP: Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe: RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe: Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe: Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{53E4E432-2884-40CE-BCAF-88D925A299A6}" = SYNC 'N' GO
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71E42058-1C26-4B3B-ACEE-9583AD5F20B8}" = ACDSee Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A9E76-1079-445D-B9A1-6DBB9420F7C3}" = Sony Ericsson PC Suite
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = Vuze Toolbar
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Azureus" = Azureus
"BitTorrent" = BitTorrent 4.2.2
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.1 Beta 3
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"DTS Console" = DTS Neo:6-Einstellungen
"DynGate" = DynGate
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"InCD!UninstallKey" = InCD
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{53E4E432-2884-40CE-BCAF-88D925A299A6}" = SYNC 'N' GO
"InstallShield_{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager
"LIDL Fotoservice_is1" = LIDL Fotoservice
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orbit_is1" = Orbit Downloader
"PC Alert 4" = PC Alert 4
"PDF-XChange Lite 3_is1" = PDF-XChange Lite 3
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Scrolling Countdown ScreenSaver_is1" = Scrolling Countdown ScreenSaver 2.2
"Security Task Manager" = Security Task Manager 1.6f
"SLD Codec Pack" = SLD Codec Pack
"SSC Service Utility_is1" = SSC Service Utility v4.30
"STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 3" = TeamViewer 3
"TomTom HOME" = TomTom HOME
"Update Service" = Update Service
"VDOTool_is1" = VDOTool 4.6
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WM Recorder 12.1" = WM Recorder 12.1
"WM Recorder 12.2" = WM Recorder 12.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.10.2010 23:51:40 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul unknown, Version, Fehleradresse 0x0257a611.

Error - 21.10.2010 23:55:26 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul unknown, Version, Fehleradresse 0x0264a611.

Error - 26.10.2010 12:24:10 | Computer Name = ZENTRALE | Source = ESENT | ID = 490
Description = svchost (1636) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\edb.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 26.10.2010 12:24:10 | Computer Name = ZENTRALE | Source = ESENT | ID = 439
Description = Catalog Database (1636) Die Shadowkopfzeile für Datei C:\WINDOWS\system32\CatRoot2\edb.chk konnte nicht geschrieben werden. Fehler -1032.

Error - 01.11.2010 08:57:20 | Computer Name = ZENTRALE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.8325.0, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000.

Error - 04.11.2010 12:26:10 | Computer Name = ZENTRALE | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af, faulting module outllib.dll, version 11.0.8325.0, stamp 4bf59129, debug? 0, fault address 0x0025b71e.

Error - 04.11.2010 12:26:23 | Computer Name = ZENTRALE | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 12.11.2010 08:30:23 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000a0e71.

Error - 12.11.2010 08:31:18 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x0042e98d.

Error - 12.11.2010 10:58:22 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung orbitdm.exe, Version, fehlgeschlagenes Modul softupdater.dll, Version, Fehleradresse 0x00043fca.

[ System Events ]
Error - 12.10.2010 12:49:12 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7034
Description = Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 12.10.2010 12:49:22 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7034
Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 12.10.2010 12:49:26 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7031
Description = Der Dienst "ASKUpgrade" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 14.10.2010 02:23:19 | Computer Name = ZENTRALE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten.

Error - 29.10.2010 08:40:52 | Computer Name = ZENTRALE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56}

< End of report >
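Two things a helper reads out of these logs by eye can be checked mechanically. In OTL.txt, each "< MD5 for: NAME >" block lists the live copy of a system file (system32, drivers, explorer.exe) next to the backups Windows keeps of it (ServicePackFiles, dllcache, $NtServicePackUninstall$, $hf_mig$, the service-pack .cab); a live copy whose hash matches none of them, or that OTL could not hash at all (sptd.sys, dxtmsft.dll and dxtrans.dll above), is what to verify first. In Extras.txt, the Firewall Settings dump above shows "EnableFirewall" = 0 for the Standard profile and 3389:TCP (Remote Desktop) open to any address rather than LocalSubNet. The script below is an added example, not code from the poster and not part of OTL; it assumes the line layout exactly as posted, and SAMPLE_LOG is constructed from lines on this page plus one entry whose MD5 was deliberately altered (marked in the code) so the hash check has something to report.

```python
"""Triage checks for OTL (OldTimer's List-It) logs like the ones in this thread.

Added example, not code from the original posts or from OTL. It re-reads the
"< MD5 for: NAME >" blocks of OTL.txt and the "Firewall Settings" dump of
Extras.txt. SAMPLE_LOG is constructed from lines on the page plus one
altered entry (marked below) so the hash check has something to flag.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size company md5 path locked")

# "[stamp | size | attrs | M] (company) <tag> -- path"; <tag> is "MD5=<hex>",
# ".cab file", "Unable to obtain MD5" or empty.
ENTRY = re.compile(r"^\[[^|]+\| (?P<size>[\d,]+) \| [^\]]*\] "
                   r"\((?P<company>[^)]*)\) ?(?P<tag>.*?) ?-- (?P<path>.+)$")
SECTION = re.compile(r"^< (?P<header>.+) >$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')

# Copies Windows keeps for repair or rollback; anything else under
# C:\WINDOWS is the file the system actually loads ("live").
BACKUP_MARKERS = ("servicepackfiles", "dllcache", "$ntservicepackuninstall$",
                  "$ntuninstall", "$hf_mig$", "reinstallbackups",
                  "driver cache", ".cab:")


def parse_entry(line):
    m = ENTRY.match(line)
    if not m:
        return None
    tag = m.group("tag")
    return Entry(size=int(m.group("size").replace(",", "")),
                 company=m.group("company"),
                 md5=tag[4:] if tag.startswith("MD5=") else None,
                 path=m.group("path"),
                 locked=tag.startswith("Unable to obtain MD5"))


def parse_sections(text):
    """Map each '< MD5 for: NAME >' or '/lockedfiles' block to its entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m or line.startswith("=========="):
            header = m.group("header") if m else ""
            if header.startswith("MD5 for: "):
                current = sections.setdefault(header[9:].lower(), [])
            elif "/lockedfiles" in header:
                current = sections.setdefault(header, [])
            else:
                current = None  # some other OTL section: skip its lines
            continue
        entry = parse_entry(line) if current is not None else None
        if entry:
            current.append(entry)
    return sections


def is_live(path):
    p = path.lower()
    return p.startswith("c:\\windows\\") and not any(mk in p for mk in BACKUP_MARKERS)


def check_live_copies(sections):
    """Flag a live file whose MD5 matches no backup copy, or that OTL could not
    hash. OTL prints the backups beside the live file for this comparison."""
    findings = []
    for entries in sections.values():
        backups = {e.md5 for e in entries if e.md5 and not is_live(e.path)}
        for e in entries:
            if not is_live(e.path):
                continue
            if e.locked:
                findings.append((e.path, "locked, MD5 not obtainable"))
            elif e.md5 and backups and e.md5 not in backups:
                findings.append((e.path, "hash matches no backup copy"))
    return findings


def check_firewall(text):
    """Flag a profile with EnableFirewall = 0 and globally open ports whose
    scope is '*' (any source) instead of LocalSubNet."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE.match(line)
        if not m or key is None:
            continue
        parts = key.split("\\")
        if m.group("name") == "EnableFirewall" and m.group("value") == "0":
            findings.append((parts[-1], "firewall disabled"))
        elif "GloballyOpenPorts" in key:
            f = m.group("value").split(":")  # port:proto:scope:Enabled:desc
            if len(f) >= 4 and f[2] == "*" and f[3] == "Enabled":
                findings.append((parts[-3], f"{f[0]}/{f[1]} open to any address"))
    return findings


SAMPLE_LOG = "\n".join([
    "< MD5 for: ATAPI.SYS >",
    r"[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys",
    r"[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys",
    r"[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys",
    r"[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys",
    "< MD5 for: USERINIT.EXE >",
    r"[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe",
    # constructed: the live copy's MD5 is altered to simulate a patched binary
    r"[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\userinit.exe",
    r"< %systemroot%\system32\drivers\*.sys /lockedfiles >",
    r"[2008.10.21 19:18:23 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys",
    "========== Firewall Settings ==========",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]",
    '"EnableFirewall" = 0',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]",
    '"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004',
    '"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009',
])

if __name__ == "__main__":
    for path, why in check_live_copies(parse_sections(SAMPLE_LOG)):
        print(f"FILE {path}: {why}")
    for profile, why in check_firewall(SAMPLE_LOG):
        print(f"FW   {profile}: {why}")
```

To use it on a real case, replace SAMPLE_LOG with the contents of the saved OTL.txt or Extras.txt. A live file whose hash matches no backup is not proof of infection on its own (a hotfix can leave system32 newer than ServicePackFiles, which is why OTL also lists the $hf_mig$ and $NtUninstallKB... copies), but it is the first file to compare against a known-good copy from a boot CD. A file OTL cannot hash at all, like sptd.sys here, should likewise be hashed offline rather than assumed clean, and the same goes for the second machine's atapi.sys further down, which OTL lists with an empty company name where the first machine's copy shows (Microsoft Corporation). A disabled Windows firewall on the Standard profile is plausible when the Avira suite's own firewall (AntiVirFirewallService in the second log) is installed, but 3389/TCP open to any address is worth asking about either way.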
#3
Gozi infection on one or more of 4 computers. Computer 2 (Windows XP, TV room, "Spielbank" partition)
OTL.txt: OTL Logfile: Code:
OTL logfile created on: 22.11.2010 22:11:43 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 2,81 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 23,35 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
Drive I: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive N: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KALTERENTZUG | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
PRC - [2010.11.15 18:36:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.15 18:36:01 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.11.15 18:36:01 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.15 18:36:01 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.15 18:36:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.15 18:36:01 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.22 05:11:04 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.05.14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.10.10 19:35:06 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.08.11 14:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE

========== Modules (SafeList) ==========

MOD - [2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006.08.11 14:56:02 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.11.15 18:36:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.15 18:36:01 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.11.15 18:36:01 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.11.15 18:36:01 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.11.15 18:36:01 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010.11.15 18:36:02 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.15 18:36:02 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.11.15 18:36:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.22 07:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.10.22 05:11:47 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.10.22 05:11:45 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.10.22 05:11:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 19:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.)
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2007.01.25 14:58:36 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2006.08.11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2006.08.11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2006.08.11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2006.08.11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2006.08.11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2006.08.11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006.08.11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2006.08.11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006.08.11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2005.11.10 17:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) DRV - [2004.04.02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2004.01.29 01:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/ IE - HKU\S-1-5-21-507921405-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - 
prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.startup.homepage: "hxxp://n-tv.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=ffds1&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.16 17:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.16 17:09:32 | 000,000,000 | ---D | M] [2010.03.19 21:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions [2009.06.21 12:07:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\4klqi675.default\extensions [2010.11.22 18:03:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.10.22 05:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.22 05:11:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 05:11:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 05:11:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 05:11:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 05:11:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-507921405-1606980848-725345543-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\.DEFAULT..\RunOnce: [scan_after_setup] c:\programme\avira\antivir desktop\avcenter.exe (Avira GmbH) O4 - HKU\S-1-5-18..\RunOnce: [scan_after_setup] c:\programme\avira\antivir desktop\avcenter.exe (Avira GmbH) O4 - HKLM..\RunServices: [Messenger Service] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistrytools = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169572871140 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/ (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 
Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.01.23 17:23:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.12.28 15:48:39 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.05.23 00:22:41 | 001,187,840 | R--- | M] () - N:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.23 00:22:41 | 001,187,840 | R--- | M] () - N:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.23 00:22:40 | 000,000,043 | R--- | M] () - N:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: 
Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: 
NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - 
DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: 
{9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax () Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll () Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (55182706186649600) ========== Files/Folders - Created Within 30 Days ========== [2010.11.22 22:10:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe [2010.11.22 18:23:08 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Recent [2010.11.15 18:37:11 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.11.15 18:15:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Cold Turkey\IECompatCache [2010.11.12 15:22:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation [2010.11.12 15:21:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.11.12 15:20:32 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010.11.12 15:20:31 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll [2010.11.12 15:20:31 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll [2010.11.12 15:20:29 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2010.11.12 15:19:51 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.11.12 15:19:14 | 000,000,000 | ---D | C] -- C:\NVIDIA [2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2007.01.25 14:50:35 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2007.01.25 14:50:35 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- 
C:\WINDOWS\System32\csnpstd3.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe [2010.11.22 22:09:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010.11.22 22:07:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.22 22:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.22 18:25:11 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.11.22 18:25:11 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.11.22 18:25:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.11.22 18:25:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.11.22 18:25:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.11.22 18:25:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.11.22 18:25:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.11.22 18:23:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF [2010.11.22 18:23:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK [2010.11.15 18:36:02 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.15 18:36:02 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys [2010.11.15 18:36:02 | 000,060,936 | ---- | M] (Avira GmbH) -- 
C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.12 15:20:50 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.12 15:20:50 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.12 15:20:48 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.12 15:20:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk [2010.11.12 15:10:56 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.12 15:10:56 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.12 15:10:56 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.12 15:10:56 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.12 14:08:48 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.11.12 14:08:35 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.22 18:23:51 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK [2010.11.12 15:20:50 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.12 15:20:48 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.12 15:20:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.12 15:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk [2010.11.12 15:20:29 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2008.01.09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.12.11 20:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.10.12 16:18:15 | 000,079,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.10 20:04:05 | 
000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.10.10 20:04:05 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PnkBstrK.sys
[2007.10.10 20:03:28 | 000,000,308 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.01.25 15:32:39 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007.01.25 15:32:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2007.01.25 15:32:39 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.01.25 14:58:36 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.01.23 17:59:17 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.23 17:11:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.05.23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005.06.16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004.12.14 12:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 12:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.08.04 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.04 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.04 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.04 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.04 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.08.04 13:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2008.03.30 11:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.11.15 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2008.05.01 08:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2010.11.22 22:09:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.02.23 11:08:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe
[2010.10.22 05:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Avira
[2010.11.15 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2007.01.25 15:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Creative
[2007.10.13 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\DivX
[2008.08.12 14:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\dvdcss
[2007.01.25 15:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Google
[2007.01.23 17:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Identities
[2007.10.10 20:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\InstallShield
[2007.01.23 17:56:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Macromedia
[2008.10.03 21:46:57 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft
[2010.03.19 21:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla
[2008.10.04 22:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\MSN6
[2007.10.10 20:30:28 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\SecuROM
[2008.09.26 20:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Skype
[2008.10.13 08:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Sun
[2007.01.25 16:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\teamspeak2
[2008.05.01 08:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2008.08.12 14:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\vlc

< %APPDATA%\*.exe /s >
[2009.10.11 15:27:07 | 007,154,255 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe
[2009.10.11 17:20:23 | 010,686,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azump\mplayer.exe
[2008.02.26 21:32:17 | 000,029,184 | R--- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft\Installer\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.01.25 14:58:36 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007.01.23 18:09:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.23 18:09:11 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.23 18:09:10 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010.09.10 06:47:46 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 22.11.2010 22:11:43 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 2,81 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 23,35 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
Drive I: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive N: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KALTERENTZUG | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:hlsw -- (Stripf Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found
"C:\Programme\Steam\SteamApps\onlineterror\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\onlineterror\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\onlineterror\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\onlineterror\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe:*:Enabled:WORLD IN CONFLICT -- (Massive Entertainment)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online -- (Massive Entertainment)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server -- ()
"C:\Programme\Steam\steam.exe" = C:\Programme\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\THQ\Company of Heroes\RelicCOH.exe" = E:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- File not found
"C:\Programme\Steam\SteamApps\common\eve online\bin\ExeFile.exe" = C:\Programme\Steam\SteamApps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"H:\Programme\Azureus\Azureus.exe" = H:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\THQ\Company of Heroes\RelicCOH.exe" = D:\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- File not found
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}" = Windows Media Player 9 Series Winter Fun Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = 
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"getPlus(R)_ocx" = getPlus(R)_ocx
"HLSW_is1" = HLSW v1.2.0.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch
"InstallShield_{2EC66D1C-4AF5-4811-BEDE-849D90461AF5}" = Enemy Territory - QUAKE Wars(TM) 1.2 Patch
"InstallShield_{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}" = Enemy Territory - QUAKE Wars(TM) 1.4 Patch
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.06.2009 07:28:03 | Computer Name = KALTERENTZUG | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mercenaries2.exe, Version, fehlgeschlagenes Modul mercenaries2.exe, Version, Fehleradresse 0x0005b590.

Error - 11.10.2009 03:39:02 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 unspecified, P3 unspecified, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 11.10.2009 10:27:55 | Computer Name = KALTERENTZUG | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Azureus.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000.

Error - 19.03.2010 14:55:13 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80244015, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 19.03.2010 14:58:22 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 22.10.2010 00:20:56 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 22.10.2010 00:20:56 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 12.11.2010 10:17:59 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 12.11.2010 10:17:59 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 16.11.2010 12:09:15 | Computer Name = KALTERENTZUG | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version, fehlgeschlagenes Modul xul.dll, Version, Fehleradresse 0x00440ce2.

[ System Events ]
Error - 19.03.2010 15:51:37 | Computer Name = KALTERENTZUG | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP

Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert.

Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .

Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\COLDTU~1\LOKALE~1\Temp\avnwldrtemp\setup\redist.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 22.10.2010 00:16:40 | Computer Name = KALTERENTZUG | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP

< End of report >

Last edited by Uwe P. (22.11.2010 at 22:20)
#4

Computer 3 (Windows XP, basement, AMD):

OTL.Txt: OTL Logfile:
Code:
OTL logfile created on: 23.11.2010 07:10:39 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Uwe P\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,86 Gb Total Space | 7,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive D: | 109,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 58,59 Gb Total Space | 32,05 Gb Free Space | 54,70% Space Free | Partition Type: NTFS
Drive F: | 37,93 Gb Total Space | 11,30 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive J: | 272,60 Gb Total Space | 109,63 Gb Free Space | 40,22% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Uwe P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe (OldTimer Tools)
PRC - e:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - e:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - e:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe (Siemens AG)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - E:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe (Siemens)
PRC - C:\WINDOWS\system32\SerExt.exe (Siemens AG)
PRC - E:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design )

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE File not found
SRV - (TomTomHOMEService) -- e:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (xControlCOM) -- E:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe (Siemens)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (Gigusb) -- C:\WINDOWS\system32\drivers\Gigusb.sys (Siemens AG)
DRV - (DectEnum) -- C:\WINDOWS\system32\drivers\DectEnum.sys (Siemens AG)
DRV - (siellif) -- C:\WINDOWS\system32\drivers\siellif.sys (Siemens AG)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys (SIEMENS AG)
DRV - (HRCMPA) ISDN Wan driver (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\hrcmpa.sys (SIEMENS AG)
DRV - (NDISCAPI) -- C:\WINDOWS\system32\drivers\ndiscapi.sys (SIEMENS AG)
DRV - (CAPI) -- C:\WINDOWS\system32\drivers\capi.sys (SIEMENS AG)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (rtl8180) -- C:\WINDOWS\system32\drivers\RTL8180.sys (Realtek Semiconductor Corporation )
DRV - (BrParWdm) Brother WDM-Treiber (parallel) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) Brother WDM-Treiber (seriell) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten, aktuelle Schlagzeilen und Videos - n-tv.de
IE - HKU\S-1-5-21-1708537768-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.05 10:44:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.05 07:47:10 | 000,000,000 | ---D | M]

[2009.07.30 08:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Extensions
[2009.07.30 08:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.11.17 09:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Firefox\Profiles\5k0t6z2u.default\extensions
[2010.08.16 11:50:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Firefox\Profiles\5k0t6z2u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.17 09:43:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.05
10:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.04 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.05 07:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.17 07:31:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.17 07:31:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.17 07:31:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.17 07:31:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.17 07:31:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.05.13 17:26:41 | 000,239,031 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: 007guard.com - 007guard and Free Antivirus O1 - Hosts: 007guard.com O1 - Hosts: 008i.com O1 - Hosts: 008k.com O1 - Hosts: 008k.com O1 - Hosts: 00hq.com O1 - Hosts: 00hq.com O1 - Hosts: 010402.com O1 - Hosts: www.032439.com O1 - Hosts: 032439.com O1 - Hosts: 1001-search.info O1 - Hosts: 1001-search.info O1 - Hosts: www.100888290cs.com O1 - Hosts: 100888290cs.com O1 - Hosts: 100sexlinks.com O1 - Hosts: 100sexlinks.com O1 - Hosts: 10sek.com O1 - Hosts: 10sek.com O1 - Hosts: www.123topsearch.com O1 - Hosts: 123topsearch.com O1 - Hosts: 132??? O1 - Hosts: 132.com O1 - Hosts: Naruto Episode 130 | Toyota Auris | Cash Advance | Debt Consolidation | Insurance at 136136.net O1 - Hosts: 136136.net O1 - Hosts: 8359 more lines... 
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - e:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - e:\Programme\Tracker Software\PDF-XChange Lite 3\PDF-XChange PDF Viewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1708537768-706699826-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SerExt] C:\WINDOWS\System32\SerExt.exe (Siemens AG) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-1708537768-706699826-854245398-1003..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1708537768-706699826-854245398-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Uwe P\Startmenü\Programme\Autostart\CAPI - Monitor.lnk = E:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design ) O4 - Startup: C:\Dokumente und Einstellungen\Uwe P\Startmenü\Programme\Autostart\talk&surf 6.0 - Monitor.lnk = E:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe (Siemens AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1708537768-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Do&wnload selected by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Google Sidewiki... 
- C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210707207913 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web 
Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.13 16:50:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.05.26 08:34:58 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{62ce1b70-a11a-11df-b847-00030d0333d9}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{62ce1b70-a11a-11df-b847-00030d0333d9}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{aeac31e0-7cda-11de-b62e-00030d0333d9}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Start.exe -- [2010.06.28 09:32:32 | 001,255,424 | R--- | M] () O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - e:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans 
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax () Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (55182706186649600) ========== Files/Folders - Created Within 30 Days ========== [2010.11.23 07:09:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe [2010.11.21 10:58:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Uwe P\Recent [2010.11.15 08:23:24 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2010.11.05 10:21:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\vlc [2010.11.05 10:10:57 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2010.11.05 08:41:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2010.11.05 08:25:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.11.05 08:03:19 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2010.11.05 07:50:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.11.05 07:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.11.05 07:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010.11.05 07:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.11.05 07:38:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense [2010.11.05 07:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit [2010.11.03 15:54:28 | 000,000,000 | ---D | C] -- C:\ATI [2010.11.03 13:15:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConSoft [2010.11.03 11:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Avira [2010.11.03 11:44:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.10.28 07:55:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll [2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.23 07:10:30 | 000,000,066 | ---- | M] () -- C:\WINDOWS\Wor.INI [2010.11.23 07:09:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe [2010.11.23 07:04:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.23 07:04:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.22 14:36:10 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.22 14:15:05 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Wks.INI [2010.11.22 13:41:34 | 000,000,087 | ---- | M] () -- C:\WINDOWS\Was.INI [2010.11.19 
13:29:07 | 000,000,249 | ---- | M] () -- C:\WINDOWS\KASSBUCH.INI
[2010.11.19 07:57:55 | 000,000,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZVPlan.lnk
[2010.11.15 13:00:46 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.10 14:46:27 | 000,072,150 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Schild Christoph1000x600.JPG
[2010.11.10 10:47:00 | 000,068,585 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Uwe_1000x600.jpg
[2010.11.10 08:49:55 | 000,521,186 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.10 08:49:55 | 000,497,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.10 08:49:55 | 000,102,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.10 08:49:55 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.09 08:54:05 | 000,000,068 | ---- | M] () -- C:\WINDOWS\Wis.INI
[2010.11.03 18:50:35 | 000,000,051 | ---- | M] () -- C:\WINDOWS\Wds.INI
[2010.10.27 16:19:33 | 000,038,466 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.10 14:46:26 | 000,072,150 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Schild Christoph1000x600.JPG
[2010.11.10 10:47:00 | 000,068,585 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Uwe_1000x600.jpg
[2010.11.03 12:35:24 | 000,000,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZVPlan.lnk
[2010.10.27 16:19:33 | 000,038,466 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2010.10.18 13:17:18 | 000,159,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.13 16:14:22 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2010.02.04 07:04:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2009.12.29 11:47:49 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009.09.23 07:03:09 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009.09.23 07:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009.09.23 07:01:53 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009.09.23 07:01:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009.07.29 10:34:51 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ComCenter.ini
[2009.07.10 15:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009.07.10 14:26:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009.07.10 14:26:04 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009.07.10 14:24:52 | 000,000,810 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009.07.10 14:01:18 | 000,001,113 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.07.10 13:57:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ComCenter.ini
[2009.07.10 07:36:00 | 000,958,976 | ---- | C] () -- C:\WINDOWS\System32\iPostCtl.dll
[2009.07.10 07:35:59 | 001,067,520 | ---- | C] () -- C:\WINDOWS\System32\iFolderCtrl.dll
[2009.07.10 07:35:58 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\iFaxCtrl.dll
[2009.07.03 17:20:49 | 000,000,084 | ---- | C] () -- C:\WINDOWS\Wnz.INI
[2009.06.24 12:07:03 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.06.16 06:46:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS
[2009.03.09 14:00:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\azeugnis.INI
[2008.12.25 11:33:29 | 000,025,692 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft Excel.ADR
[2008.12.25 10:32:22 | 000,022,085 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
[2008.12.25 10:17:27 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.23 17:09:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\$_hpcst$.hpc
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.12 09:02:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008.11.06 14:29:20 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Wds.INI
[2008.11.05 21:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.11.05 20:49:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.11.04 11:51:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008.08.01 09:28:06 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Wis.INI
[2008.07.11 08:38:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WPE.INI
[2008.06.26 13:10:14 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Wsv.INI
[2008.06.11 07:25:15 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Wmv.INI
[2008.06.05 05:38:41 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\gsbest32.dll
[2008.05.26 06:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waa.INI
[2008.05.15 09:54:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2008.05.15 06:41:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Wor.INI
[2008.05.15 06:24:12 | 000,041,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.15 05:19:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008.05.14 17:42:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Wop.INI
[2008.05.14 16:22:13 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Was.INI
[2008.05.14 15:05:54 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Wks.INI
[2008.05.14 13:14:43 | 000,020,560 | ---- | C] () -- C:\WINDOWS\System32\Msau200.dll
[2008.05.14 13:14:43 | 000,000,249 | ---- | C] () -- C:\WINDOWS\KASSBUCH.INI
[2008.05.14 13:12:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ZMIS.INI
[2008.05.13 21:44:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\WSB.INI
[2008.05.13 21:43:30 | 000,000,130 | ---- | C] () -- C:\WINDOWS\uno.ini
[2008.05.13 20:30:45 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.13 17:29:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.04 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.04 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.04 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.04 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.04 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2008.05.21 13:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.07.18 17:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2009.07.07 07:28:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.06.23 07:12:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2010.11.03 13:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConSoft
[2008.12.25 10:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.01.07 09:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.07.30 08:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008.05.14 16:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Acronis
[2010.01.28 09:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Ashampoo
[2008.09.09 06:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\CD-LabelPrint
[2009.08.06 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ComCenter
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools
[2008.12.25 10:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Lite
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Pro
[2009.03.27 09:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit
[2010.01.06 07:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit Software
[2010.01.07 07:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Funambol
[2010.11.10 12:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Image Zone Express
[2008.05.13 18:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\MSNInstaller
[2010.11.23 07:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit
[2010.11.05 07:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense
[2008.05.14 05:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Softland
[2010.10.14 07:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TeamViewer
[2008.06.28 06:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Thunderbird
[2009.07.30 08:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TomTom
[2009.06.26 08:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software

========== Purity Check ==========


========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.05.14 16:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Acronis
[2008.05.14 15:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Adobe
[2010.01.28 09:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Ashampoo
[2009.06.24 11:55:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ATI
[2010.11.03 11:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Avira
[2008.09.09 06:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\CD-LabelPrint
[2009.08.06 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ComCenter
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools
[2008.12.25 10:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Lite
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Pro
[2009.09.23 10:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DivX
[2009.03.27 09:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit
[2010.01.06 07:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit Software
[2010.01.07 07:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Funambol
[2008.12.29 11:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Google
[2008.09.25 11:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Help
[2009.07.10 14:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\HP
[2010.11.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\HpUpdate
[2008.05.13 17:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Identities
[2010.11.10 12:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Image Zone Express
[2008.05.13 21:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\InstallShield
[2008.05.13 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Macromedia
[2009.12.29 13:53:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Malwarebytes
[2009.07.23 08:32:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft
[2008.12.15 10:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla
[2008.05.13 18:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\MSNInstaller
[2010.11.23 07:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit
[2010.11.05 07:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense
[2010.11.08 10:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Skype
[2010.11.08 10:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\skypePM
[2008.05.14 05:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Softland
[2008.07.29 08:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Sun
[2008.06.28 06:55:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Talkback
[2010.10.14 07:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TeamViewer
[2008.06.28 06:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Thunderbird
[2009.07.30 08:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TomTom
[2009.06.26 08:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software
[2010.11.05 10:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\vlc
[2008.07.12 10:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\WinRAR

< %APPDATA%\*.exe /s >
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6F5BD9A189C47F56F83B7E.exe
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6FEFF9B68218417F98F549.exe
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_C46CDCCA9E79F204FAD883.exe
[2008.11.05 09:18:09 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{E0318E1F-A08A-47E8-9870-9C5B6EDEE7D4}\ARPPRODUCTICON.exe
[2009.06.26 08:26:23 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
[2009.06.26 09:20:24 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[1].exe
[2009.06.26 09:21:14 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[2].exe
[2009.06.26 09:24:39 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[3].exe
[2009.06.26 09:27:41 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[4].exe
[2009.12.15 14:14:30 | 000,450,328 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[5].exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.25 10:17:27 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.05.13 18:26:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.13 18:26:57 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.13 18:26:57 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.25 22:42:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0

< End of report >

Extras.Txt:

OTL Logfile:

OTL Extras logfile created on: 23.11.2010 07:10:39 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Uwe P\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,86 Gb Total Space | 7,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive D: | 109,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 58,59 Gb Total Space | 32,05 Gb Free Space | 54,70% Space Free | Partition Type: NTFS
Drive F: | 37,93 Gb Total Space | 11,30 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive J: | 272,60 Gb Total Space | 109,63 Gb Free Space | 40,22% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Uwe P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP: Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP: Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe: RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe: Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe: Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Uwe P\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\Uwe P\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\DOKUME~1\UWEP~1\LOKALE~1\Temp\Rar$EX00.546\GOstMSG.exe" = E:\DOKUME~1\UWEP~1\LOKALE~1\Temp\Rar$EX00.546\GOstMSG.exe:*:Enabled:GOstMSG -- File not found
"E:\Programme\XAN ISDN-Anrufbeantworter\ABServer.exe" = E:\Programme\XAN ISDN-Anrufbeantworter\ABServer.exe:*:Enabled:ISDN-Anrufbeantworter 3 -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe: RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe: Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe: Application -- (Microsoft Corporation)
"E:\Programme\Zattoo\zattood.exe" = E:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"E:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = E:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = E:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = E:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"e:\Programme\Orbitdownloader\orbitdm.exe" = e:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"e:\Programme\Orbitdownloader\orbitnet.exe" = e:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0355CF40-97AF-9CDD-7282-BF151AEE724B}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2306AB02-DE01-1366-BCFF-41D1197CF42E}" = ccc-utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2FAAECD0-1929-11DA-6784-006853A418BE}" = Arbeitszeugnis, Version 2.95
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4E203CAF-230D-5275-C15B-517273593359}" = Catalyst Control Center Core Implementation
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53192FD8-AAE9-494F-B0E2-A48B287B4234}" = testo easyheat Software
"{55C6E3F1-21B9-4D7A-98A6-B3E1671F9733}_is1" = Phonesuite ZTC B2 V1.0
"{5BFE01FF-189F-4b75-8FA8-9B7CD7F9C529}" = L7500
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6554815C-24E2-4B54-AE6D-E3BB0D824043}" = INFORM
"{65EAB391-4B36-59AA-0336-D0C4BEB6CD2F}" = CCC Help English
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69CA3A84-6CE4-41C3-9E5F-69135D18D751}" = Gigaset SX3x3isdn
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7E7C9FB7-711A-4FF0-B22F-42BD08652096}" = talk&surf 6.0
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{953F4AF6-25A4-2419-0A5D-FCA262FEF85E}" = Catalyst Control Center Graphics Full New
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8FD4639-7171-4FAB-82F0-0CA7ED202C42}" = IN-FORM PRO PDA
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B98A55FE-758D-4828-D398-F7196D6D5DD3}" = ATI Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}" = ccc-core-preinstall
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{D82702FE-3789-406A-8FC6-A26AA7E8700E}" = testo easyheat Software 2.6
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCB7474F-F85C-2196-700A-C69692895D00}" = Catalyst Control Center Graphics Full Existing
"{DF5F21A4-32FD-4A40-BEC0-7A147B7ED38C}" = talk&surf CAPI
"{E0318E1F-A08A-47E8-9870-9C5B6EDEE7D4}" = Testo USB Driver
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = 
MarketResearch "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}" = Skins "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F88E77C7-846D-73D9-7B33-0AF6A5F5FD1B}" = Catalyst Control Center Graphics Light "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FE4A7D6F-4D22-4217-BB0E-511325F732A7}" = DanBasic III "16B48D4BB9529AABC1247A6C06EB862C17256DF0" = Windows-Treiberpaket - testo AG Testo Common USB Drivers (05/19/2006 2.00.00) "57DA365334747F9CE1355078E5BF605C810FD225" = Windows-Treiberpaket - testo AG Testo Common USB Drivers (05/19/2006 2.00.00) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Premium Security Suite "BulentsScreenRecorder4" = BSR Screen Recorder 4 "CCleaner" = CCleaner "ClearProg" = ClearProg 1.6.1 Beta 3 "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Foxit PDF Editor" = Foxit PDF Editor "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08 "FTDICOMM" = Testo Common USB Drivers "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "KASSBUCH" = PC-Kassenbuch Version 3.0 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 
Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Orbit_is1" = Orbit Downloader "PDF-XChange Lite 3_is1" = PDF-XChange Lite 3 "Picasa 3" = Picasa 3 "PTS_GetSolar_is1" = PTS_GetSolar 1.0 "ROTEX Ersatzteile-Tool_is1" = Version 2.0 EK 09-2008 "STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7 "TeamViewer 5" = TeamViewer 5 "TomTom HOME" = TomTom HOME "tpso-20081113095149" = JUNKERS Ersatzteilkatalog "VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program "VLC media player" = VLC media player 1.1.4 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zattoo" = Zattoo 3.3.4 Beta "ZVPLAN" = ZVPLAN 1.0.15 ========== Last 10 Event Log 
Errors ========== [ Application Events ] Error - 05.11.2010 06:33:58 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung PhoneSuite.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.11.2010 06:36:17 | Computer Name = BUERO | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung calltray.exe, Version, fehlgeschlagenes Modul calltray.exe, Version, Fehleradresse 0x0000306a. Error - 08.11.2010 08:02:09 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung gsauftrag.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 10.11.2010 04:13:41 | Computer Name = BUERO | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung calltray.exe, Version, fehlgeschlagenes Modul calltray.exe, Version, Fehleradresse 0x0000306a. Error - 11.11.2010 08:21:32 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 16.11.2010 09:28:09 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 18.11.2010 08:38:41 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung gsauftrag.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 19.11.2010 04:59:20 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. 
Error - 21.11.2010 05:50:32 | Computer Name = BUERO | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.8325.0, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 21.11.2010 05:58:39 | Computer Name = BUERO | Source = Microsoft Office 11 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. [ System Events ] Error - 18.11.2010 08:28:26 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 19.11.2010 02:28:47 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 19.11.2010 03:04:37 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 19.11.2010 04:57:49 | Computer Name = BUERO | Source = Print | ID = 6161 Description = Das Dokument outbind://1-0000000050C5C85BCD464644A76E87676741C7BF24113100/, im Besitz von Uwe P, konnte nicht auf dem Drucker HP Officejet Pro L7500 Series gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 196608. Anzahl der gedruckten Bytes: 196608. Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\BUERO. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0). 
Error - 19.11.2010 07:13:35 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 21.11.2010 05:33:10 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 22.11.2010 02:00:38 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 22.11.2010 07:37:30 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.11.2010 01:53:40 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.11.2010 02:05:40 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
#5

Gozi infection on one or more of 4 computers.

The log files from computer 4 are too long. Link to follow.

Last edited by Uwe P. (23.11.2010 at 08:02)

#6

Gozi infection on one or more of 4 computers.

Computer 4 (XP, basement, PIII 500). No idea why I cannot create direct links:

www.trotzkoepp.de/img/extras.txt
www.trotzkoepp.de/img/otl.txt

Last edited by Uwe P. (23.11.2010 at 08:38)