Pests of all kinds and how to fight them: Trojan TR/ATRAPS.Gen
30.01.2011, 19:47 | #1
| Trojan TR/ATRAPS.Gen
Hi, since just now AntiVir keeps reporting the above trojan to me. Every time I open a new web page, e.g. What should I do? Hoping for quick help, Marcel

Can nobody help me? The detection is shown easily 10 times in a row, then goes away, but as soon as I open a new page it appears again. What do I have to do to get rid of it?
30.01.2011, 21:18 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/ATRAPS.Gen
Post all relevant logs from AntiVir.
30.01.2011, 21:29 | #3
| Trojan TR/ATRAPS.Gen
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:07, on 30.01.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\HiJackThis204.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razertra] d:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userMobileusb] rundll32.exe "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll",usrGLclass DirectCommonLite
O4 - HKCU\..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - hxxp://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - hxxp://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programme\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programme\Monopoly\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary...r.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8020 bytes
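Reading a HijackThis log is mostly a matter of sorting entries by what they register and where the registered target lives. The script below is an added example, not something posted in this thread and not part of HijackThis or OTL. It runs a few first-pass heuristics over a handful of entries copied from the log above: targets that no longer exist on disk (orphaned registrations), a logon entry that has rundll32 load a DLL out of the user profile, browser search hooks, Trusted Zone entries, and ActiveX controls registered from a local file:// path. The profile-path hints and the severity labels are assumptions of this example; a "high" result means "look at this", not "this is malware".

```python
"""First-pass triage of HijackThis-style log entries (added example, not a thread tool)."""
import re
from typing import List, Optional, Tuple

# Entries copied from the HijackThis log posted in the thread (a subset, so this runs stand-alone).
SAMPLE_LOG = r"""
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [userMobileusb] rundll32.exe "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll",usrGLclass DirectCommonLite
O4 - HKCU\..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programme\Monopoly\Images\stg_drm.ocx
"""

Finding = Tuple[str, str, str, str]  # (severity, section, reason, entry)

# HijackThis prefixes each entry with a section code such as R1, F2, O4; OTL uses the same O-codes.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")

# Markers HijackThis/OTL print when a registered target no longer exists on disk.
MISSING_MARKERS = ("(no file)", "(file missing)", "no clsid value found", "file not found")

# Per-user profile folders (German and English XP names, plus AppData on later Windows).
# Vendors normally install under Programme/Program Files, so a logon entry that has
# rundll32 load a DLL from here deserves a look. These hints are an assumption of this example.
USER_PROFILE_HINTS = (
    "\\anwendungsdaten\\",
    "\\lokale einstellungen\\",
    "\\application data\\",
    "\\local settings\\",
    "\\appdata\\",
)


def classify(section: str, body: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one entry, or None if nothing stands out."""
    lower = body.lower()
    if any(marker in lower for marker in MISSING_MARKERS):
        return ("low", "orphaned registration, target no longer on disk; safe to clean up")
    if section == "O4" and "rundll32" in lower and any(h in lower for h in USER_PROFILE_HINTS):
        return ("high", "logon entry runs a DLL from the user profile via rundll32; inspect that DLL")
    if section in ("R0", "R1", "R3") and "search" in lower:
        return ("medium", "browser search/URL hook; confirm the user installed it knowingly")
    if section == "O15":
        return ("medium", "site in the IE Trusted Zone, which relaxes browser security for it")
    if section == "O16" and "file://" in lower:
        return ("medium", "ActiveX (DPF) control registered from a local file:// path")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis (or OTL 'Oxx -') log and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        match = ENTRY_RE.match(entry)
        if not match:
            continue  # header lines, the process list, blank lines
        section, body = match.group("section"), match.group("body")
        verdict = classify(section, body)
        if verdict:
            severity, reason = verdict
            findings.append((severity, section, reason, entry))
    return findings


def by_severity(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 1, 'medium': 3, 'low': 2}."""
    counts: dict = {}
    for severity, *_ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}\n         {entry}")
```

On the sample above the only "high" hit is the userMobileusb entry; the Avira and CursorXP logon entries pass, and the two "(no file)" lines are reported as cleanup items rather than threats.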
30.01.2011, 21:36 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/ATRAPS.Gen
HijackThis is of no interest to me.
Please always post logfiles in CODE tags
30.01.2011, 21:39 | #5
| Trojan TR/ATRAPS.Gen
Sorry, my apologies. How do I get the log out of AntiVir?
30.01.2011, 21:40 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/ATRAPS.Gen
From within the program, under Reports.
30.01.2011, 21:42 | #7
| Trojan TR/ATRAPS.Gen
Only the updates are listed there, plus the scan from 07.01. So do I have to run a complete scan first?
Last edited by Marcel121 (30.01.2011 at 22:32)
31.01.2011, 10:35 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/ATRAPS.Gen
Please just look through everything! What's listed under Events? The logs have to be in there somewhere!
31.01.2011, 16:28 | #9
| Trojan TR/ATRAPS.Gen
So, I ran an AntiVir scan in Safe Mode earlier. It had 2 detections, which I then "repaired" at the end; now the detection message is no longer shown on every page change, in fact not at all anymore. Here is the corresponding log:
Quote:
31.01.2011, 19:07 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/ATRAPS.Gen
Looks more like it's only half as bad. As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:
System scan with OTL
Please download OTL from Oldtimer and save it to your desktop
31.01.2011, 20:27 | #11
| Trojan TR/ATRAPS.Gen
Here are the logs:
Quote:
Code:
OTL logfile created on: 31.01.2011 20:20:39 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 7,80 Gb Free Space | 39,96% Space Free | Partition Type: NTFS
Drive D: | 57,15 Gb Total Space | 24,05 Gb Free Space | 42,09% Space Free | Partition Type: NTFS

Computer Name: WINDOWSPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - D:\Programme\CursorXP\CursorXP.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - D:\Programme\CursorXP\CurXP0.dll ( )
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys ()
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (nvmpu401) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PRISM_USB) -- C:\WINDOWS\system32\drivers\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.24 10:19:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.13 14:25:16 | 000,000,000 | ---D | M]

[2008.08.28 16:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.01.30 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions
[2010.06.07 14:08:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.25 12:05:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.30 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.12.04 12:02:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.03.11 22:48:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 22:48:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 22:48:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 22:48:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 22:48:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.07 10:47:57 | 000,428,597 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 unzip vim 1000 zip files at 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14756 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] d:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKCU..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe ( )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - File not found
O9 - Extra 'Tools' menuitem : Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Vertrauenswürdige Sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Programme\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Programme\Monopoly\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.08 10:46:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.31 20:19:31 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.01.31 19:20:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.01.31 19:20:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.31 19:20:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.01.31 19:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.01.31 19:20:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.31 18:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2011.01.31 17:28:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.01.31 17:03:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Free Registry Cleaner
[2011.01.30 11:33:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bio
[2011.01.23 22:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.01.23 22:26:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.01.23 22:26:08 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\OpenOffice.org 3.2
[2011.01.23 22:21:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.07 10:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.01.07 10:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.06 20:17:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.31 20:19:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.01.31 20:16:28 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.01.31 20:16:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.31 20:16:07 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.31 17:13:06 | 000,005,462 | ---- | M] () -- D:\Eigene Dateien\cc_20110131_171303.reg
[2011.01.30 22:05:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.01.30 20:38:38 | 000,007,490 | ---- | M] () -- D:\Eigene Dateien\cc_20110130_203836.reg
[2011.01.30 09:26:24 | 000,001,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Weight.rtf
[2011.01.29 10:29:59 | 000,008,305 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Easy Rider.odt
[2011.01.25 12:50:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.24 12:14:44 | 001,464,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.23 11:16:00 | 000,000,617 | ---- | M] () -- D:\Eigene Dateien\pop.gmx.net.iaf
[2011.01.15 21:18:48 | 000,000,532 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211847.reg
[2011.01.15 21:18:37 | 000,000,684 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211833.reg
[2011.01.15 21:18:23 | 000,022,182 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211813.reg
[2011.01.13 16:24:19 | 000,000,417 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1234.rtf
[2011.01.07 10:47:57 | 000,428,597 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.07 10:17:39 | 000,236,374 | ---- | M] () -- D:\Eigene Dateien\cc_20110107_101719.reg
[2011.01.07 10:15:28 | 000,000,561 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.31 17:13:05 | 000,005,462 | ---- | C] () -- D:\Eigene Dateien\cc_20110131_171303.reg
[2011.01.31 16:23:19 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.30 20:38:37 | 000,007,490 | ---- | C] () -- D:\Eigene Dateien\cc_20110130_203836.reg
[2011.01.23 11:16:00 | 000,000,617 | ---- | C] () -- D:\Eigene Dateien\pop.gmx.net.iaf
[2011.01.15 21:18:47 | 000,000,532 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211847.reg
[2011.01.15 21:18:36 | 000,000,684 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211833.reg
[2011.01.15 21:18:16 | 000,022,182 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211813.reg
[2011.01.12 13:58:18 | 000,000,417 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1234.rtf
[2011.01.11 13:45:19 | 000,008,305 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Easy Rider.odt
[2011.01.07 10:17:22 | 000,236,374 | ---- | C] () -- D:\Eigene Dateien\cc_20110107_101719.reg
[2010.08.16 15:16:54 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2010.07.31 17:10:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.31 17:10:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.01.21 19:42:14 | 000,000,022 | ---- | C] () -- C:\WINDOWS\CMAURACK.INI
[2010.01.21 19:42:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.01.21 17:50:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2009.09.05 16:59:19 | 000,076,407 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Smiley.ico
[2009.04.02 18:38:48 | 000,000,000 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dip.ini
[2009.01.02 01:32:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.10.31 15:32:00 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.10.31 15:30:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008.10.31 15:29:07 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.10.31 15:28:24 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.07.29 12:47:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2008.07.22 22:55:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.07.06 20:20:11 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml
[2008.07.06 20:19:57 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe
[2008.07.06 20:17:17 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.log
[2008.07.06 20:17:11 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ezpinst.exe
[2008.07.06 20:17:11 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat
[2008.07.06 20:17:11 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf
[2008.06.14 13:25:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.06.14 13:25:02 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.12.03 20:44:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.11.20 20:20:32 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.09.20 11:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.09.20 11:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.09.20 11:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.09.20 11:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.09.20 11:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.09.20 11:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.09.20 11:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.09.20 11:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.09.20 11:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.09.20 11:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.09.20 11:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.09.20 11:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.09.20 11:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.09.20 11:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.09.20 11:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.09.20 11:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.09.20 11:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.09.20 11:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.09.20 11:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.09.08 14:02:58 | 000,000,730 | ---- | C] () -- C:\WINDOWS\KLETT.INI
[2007.09.08 14:02:54 | 000,005,557 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.25 09:02:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007.07.29 13:45:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2007.07.18 19:19:42 | 000,000,034 |
---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.07.16 18:48:56 | 000,057,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.16 18:30:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini [2007.07.11 13:31:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini [2007.07.09 12:05:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.07.09 11:59:54 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2007.07.09 11:38:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007.07.09 11:37:07 | 000,028,145 | ---- | C] () -- C:\WINDOWS\cmijack.ini [2007.07.09 11:37:06 | 000,017,824 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2007.07.09 11:31:23 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2007.07.09 10:11:44 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2007.07.09 10:05:51 | 000,002,399 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.07.09 10:05:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.07.08 12:58:26 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.07.08 12:53:48 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys [2007.07.08 12:52:42 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007.07.08 11:38:32 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.07.08 10:53:11 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.11.11 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004.11.11 13:00:00 | 000,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F @Alternate Data Stream - 157 bytes -> 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A @Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3 @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.01.2011 20:20:39 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 7,80 Gb Free Space | 39,96% Space Free | Partition Type: NTFS Drive D: | 57,15 Gb Total Space | 24,05 Gb Free Space | 42,09% Space Free | Partition Type: NTFS Computer Name: WINDOWSPC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Azureus\Azureus.exe" = D:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc) "D:\Programme\ICQLite\ICQLite.exe" = D:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.) "C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "D:\Program Files\Ubi Soft\Racing Simulation 3\RS3.exe" = D:\Program Files\Ubi Soft\Racing Simulation 3\RS3.exe:*:Enabled:Racing Simulation 3 -- (Ubi Soft) "D:\Programme\SopCast\SopCast.exe" = D:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket) "D:\Programme\SopCast\adv\SopAdver.exe" = D:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2D7F824B-6744-4C30-B78B-0966E9BD461D}" = KalOnlineEng "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels 
CS3 "{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AF6ECA04-F2CC-11D3-9D68-0020781864F1}" = International CueClub "{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258 "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = 
Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR "{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = YXT PC Camera "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "8461-7759-5462-8226" = Vuze "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "CCleaner" = CCleaner "CursorXP" = CursorXP "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate 
version 1.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Google Updater" = Google Updater "Guitar Pro 5_is1" = Guitar Pro 5.2 "ICQLite" = ICQ 5.1 "JRE 1.3.1_03" = Java 2 Runtime Environment Standard Edition v1.3.1_03 "KaloMa_is1" = KaloMa 4.9 "Live 7.0.10" = Live 7.0.10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Moorhuhn 2 V1.1" = Moorhuhn 2 V1.1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nero 6.x Audio + Video Plugins1.0.0.0" = Nero 6.x Audio + Video Plugins "NeroVision!UninstallKey" = Nero Digital "NMPUninstallKey" = Nero Media Player "NVIDIA Drivers" = NVIDIA Drivers "PCI Audio Applications" = PCI Audio Applications "PCI Audio Driver" = PCI Audio Driver "Racing Simulation 3" = Racing Simulation 3 "SopCast" = SopCast 3.0.3 "Steinberg Groove Agent 2" = Steinberg Groove Agent 2 "Steinberg Groove Agent 2 v2.0.0.28" = Steinberg Groove Agent 2 v2.0.0.28 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "Windows Media Connect" = Windows Media Connect "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {1D8C55E1-83AA-4D88-4822-E7598EA5F941} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. 
{0864C925-A784-D87B-D2E9-BE427AA6C847} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {27F681E6-5E5C-482A-AE9D-3116DB2047DE} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {958A864F-26EB-FF0F-5C3B-1CB9200EF704} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {11DF34EE-1B53-6136-262A-87B6DC1F34D3} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {F5BF468E-7F6E-0DC8-B099-D72FEC088E86} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {13B498DE-91CE-AC27-66E8-4266DEFFB71C} Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005 Description = Produkt: OpenOffice.org 3.2 -- Interner Fehler 2908. {6954DC4F-9E06-34A5-C071-C9F9827A6384} Error - 31.01.2011 12:14:10 | Computer Name = WINDOWSPC | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 31.01.2011 12:14:10 | Computer Name = WINDOWSPC | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 31.01.2011 11:22:40 | Computer Name = WINDOWSPC | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 31.01.2011 11:24:20 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 31.01.2011 13:11:31 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 31.01.2011 13:13:05 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226 Description = Silent Running: Stress test transition: L2 -> L1 Error - 31.01.2011 13:13:05 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226 Description = Silent Running: Stress test transition: L1 -> L0 Error - 31.01.2011 13:49:49 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226 Description = Silent Running: Stress test transition: L2 -> L1 Error - 31.01.2011 13:49:49 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226 Description = Silent Running: Stress test transition: L1 -> L0 Error - 31.01.2011 14:44:25 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226 Description = Silent Running: Stress test transition: L2 -> L1 Error - 31.01.2011 14:44:25 | Computer Name = WINDOWSPC | Source = nv | 
ID = 11141226 Description = Silent Running: Stress test transition: L1 -> L0 Error - 31.01.2011 15:16:45 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
31.01.2011, 21:19 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell - "" = AutoRun O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe @Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F @Alternate Data Stream - 157 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A @Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3 @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C :Commands [purity] [resethosts] [emptytemp] The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
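The fix above targets three kinds of entries taken from the OTL report: the MountPoints2 AutoRun handlers (the O33 lines, which make a removable drive launch G:\Autorun.exe when it is opened), the alternate data streams attached to the TEMP file, and the hosts file ([resethosts]). As an added example, not part of this thread and not OTL's own code, the Python script below parses OTL-style report lines and lists exactly those entry types for review, plus hidden+system files outside the hibernation and page files and an unusually large hosts file. The 4096-byte hosts threshold and the small benign-file list are assumptions; the sample lines are excerpted from the logs posted in this thread.

```python
"""Triage helper for OTL (OldTimer's tool) report lines.

Added example, not part of this thread or of OTL itself. It extracts the
entry types the helper's fix script targets: MountPoints2 AutoRun handlers
(O33 lines), alternate data streams, hidden+system files and an oversized
hosts file. Everything it lists is a candidate for review, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Excerpted from the OTL reports posted in this thread (sample input).
SAMPLE_REPORT = r"""
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
[2011.01.31 20:16:07 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.07 10:47:57 | 000,428,597 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.31 20:19:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2007.11.20 20:20:32 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F
@Alternate Data Stream - 157 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A
"""

# O33 line whose value is the command run by the drive's AutoRun handler.
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
# OTL file entry: [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] \((.*?)\) -- (.+)$')
# ADS entry: the stream name follows the last colon of the path.
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')

# Assumptions: files that are legitimately hidden+system, and a size above
# which a hosts file deserves a look (a stock XP hosts file is far smaller).
BENIGN_HIDDEN_SYSTEM = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}
HOSTS_SIZE_LIMIT = 4096


@dataclass
class Findings:
    autorun_handlers: list = field(default_factory=list)   # (guid, command)
    data_streams: list = field(default_factory=list)       # (path, stream, size)
    hidden_system_files: list = field(default_factory=list)
    large_hosts: list = field(default_factory=list)        # (path, size)


def triage(report: str) -> Findings:
    """Walk the report line by line and collect the entries worth reviewing."""
    found = Findings()
    for raw in report.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            found.autorun_handlers.append((m.group(1), m.group(2)))
            continue
        m = ADS_RE.match(line)
        if m:
            found.data_streams.append((m.group(2), m.group(3), int(m.group(1))))
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(2).replace(",", ""))
            attrs, path = m.group(3), m.group(6)
            if "H" in attrs and "S" in attrs and path.lower() not in BENIGN_HIDDEN_SYSTEM:
                found.hidden_system_files.append(path)
            if path.lower().endswith(r"\drivers\etc\hosts") and size > HOSTS_SIZE_LIMIT:
                found.large_hosts.append((path, size))
    return found


def summary(found: Findings) -> str:
    """One line per finding, for pasting into a reply."""
    lines = []
    for guid, cmd in found.autorun_handlers:
        lines.append(f"AutoRun handler {guid} -> {cmd}")
    for path, stream, size in found.data_streams:
        lines.append(f"ADS {path}:{stream} ({size} bytes)")
    for path in found.hidden_system_files:
        lines.append(f"hidden+system file {path}")
    for path, size in found.large_hosts:
        lines.append(f"large hosts file {path} ({size} bytes)")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    print(summary(triage(text)))
```

Run it as `python otl_triage.py OTL.Txt` against a saved report, or without arguments to see the sample output. The flagged items are starting points for a reviewer: a large hosts file can just as well come from a blocklist or immunization tool as from tampering, and a hidden system file in System32 may be a licensing driver, so each entry is checked before anything is removed.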
01.02.2011, 13:55 | #13 |
| Trojaner TR/ATRAPS.Gen I did the copying and the fix, but unfortunately forgot to copy the logfile. What now? Edit: What I notice right away is that documents on the desktop are now suddenly shown with their file extensions. Last edited by Marcel121 (01.02.2011 at 14:11) |
01.02.2011, 14:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/ATRAPS.Gen Please look in the folder C:\_OTL
__________________ Please always post logfiles in CODE tags |
01.02.2011, 14:12 | #15 |
| Trojaner TR/ATRAPS.Gen ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found. File G:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found. File G:\Autorun.exe not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3 deleted successfully. 
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 26734885 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 117248244 bytes ->Flash cache emptied: 48832 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1250472 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1640091 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 140,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02012011_134441 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |