|
Plagegeister aller Art und deren Bekämpfung: Deutsche Bank Trojaner, TAN AbfrageWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.03.2011, 11:18 | #1 |
| Deutsche Bank Trojaner, TAN Abfrage Hallöle liebes Board, zuerst war ich mir unsicher ob ich ein neuen Thread erstellen soll, aber nach Lesen der Regeln war ich mir dann endgültig sicher ;-) Nun zu meinem (für euch altbekanntes) Problem: Sobald ich mich in meinem Konto bei der Deutschen Bank einlogge, entsteht ein Pop Up welches mich nach ca. 20 TAN Nummern fragt. Hab sofort mein HijackThis angeworfen und 21 schädliche Programme bereinigt(ja schon lange nicht mehr gemacht) Dann war alles super, bis heute morgen, also nach dem Neustart. Selbes Problem wie gestern Abend mit dem TAN Pop Up, also wieder HijackThis angeworfen und kräftig gesucht. Dabei ist mir eine Anwendung ins Auge gefallen, die manchmal da ist manchmal nicht: romet/ipot.exe in den Anwendungsdatenordner auf meinem Benutzer (die exe hab ich jedoch bis heute noch nicht gefunden) Nunja, auch nach mehrmaligen löschen durch HijackThis ist sie immer wieder aufgetaucht. Ist nur eine Theorie und deswegn bin ich ja hier =) Ist das Problem zu lösen, ohne Windows neu aufzusetzen? Evtl. mit einer älteren angelegten Sicherungsdatei? Bzw: Wiederherstellungspunkt? Vielen Dank schon mal im voraus ;-) |
23.03.2011, 13:07 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank Trojaner, TAN Abfrage Hallo und
__________________Zitat:
Ich hab außerdem den Eindruck, dass du nur auf Basis der automatischen Auswertung Einträge gefixt hast. Davor kann man nur ausdrücklich warnen, weil die nicht perfekt arbeitet! Die zeigt u.U. auch durch gewollte und tw. auch wichtige Einträge als böse an. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
24.03.2011, 11:35 | #3 |
| Deutsche Bank Trojaner, TAN Abfrage Vielen Dank erst einmal für die schnelle Hilfe ;-)
__________________Muss die Woche leider doof schaffen, deswegen dauern meine Antworten ein wenig. Also hier erst mal Malware Log: Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 24.03.2011 11:36:57 mbam-log-2011-03-24 (11-36-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 429163 Laufzeit: 2 Stunde(n), 37 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 8 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9E89BE54-4D06-2B62-8D57-1DB9C1BB9357} (Trojan.FakeAlert) -> Value: {9E89BE54-4D06-2B62-8D57-1DB9C1BB9357} -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\programme\VVSN (Adware.WhenU) -> Quarantined and deleted successfully. Infizierte Dateien: c:\dokumente und einstellungen\Hoasii\anwendungsdaten\Romet\ipot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Hoasii\anwendungsdaten\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\1000000ca00002h\mmc.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Hoasii\anwendungsdaten\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\40000060300002h\_Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Hoasii\lokale einstellungen\anwendungsdaten\thinstall\Cache\Stubs\6f4861aa4d89b192f78e73a03da9047ee557771\splash screen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Hoasii\lokale einstellungen\anwendungsdaten\thinstall\Cache\Stubs\92e2e951ff7a7c74cdb9c868be6d782ee5fe5\cancelautoplay.exe (Trojan.Backdoor) -> Quarantined and deleted successfully. c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\system volume information\_restore{a28382b3-ab03-4f98-af46-4705592a3f35}\RP135\A0053169.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\programme\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. Der Log von OTL wird wohl bis heute abend oder morgen früh dauern, denn ich muss gleich wieder weg, schmeiß OTL aber sofort an ;-) EDIT: Also mein Online Banking sieht wieder normal aus :-)--> OTL folgt trotzdem Geändert von SlapVanilla (24.03.2011 um 11:46 Uhr) |
24.03.2011, 12:18 | #4 |
| Deutsche Bank Trojaner, TAN Abfrage Naja ging dann doch schneller ;-) Code:
ATTFilter < End of report > Code:
ATTFilter OTL logfile created on: 24.03.2011 12:01:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 474,00 Mb Available Physical Memory | 46,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 186,30 Gb Total Space | 29,09 Gb Free Space | 15,61% Space Free | Partition Type: NTFS Drive E: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PHIL | User Name: Hoasii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (s3117obex) -- C:\WINDOWS\system32\drivers\s3117obex.sys (MCCI Corporation) DRV - (s3117mdfl) -- C:\WINDOWS\system32\drivers\s3117mdfl.sys (MCCI Corporation) DRV - (s3117mdm) -- C:\WINDOWS\system32\drivers\s3117mdm.sys (MCCI Corporation) DRV - (s3117unic) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM) -- C:\WINDOWS\system32\drivers\s3117unic.sys (MCCI Corporation) DRV - (s3117mgmt) Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3117mgmt.sys (MCCI Corporation) DRV - (s3117nd5) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS) -- C:\WINDOWS\system32\drivers\s3117nd5.sys (MCCI Corporation) DRV - (s3117bus) Sony Ericsson Device 3117 driver (WDM) -- C:\WINDOWS\system32\drivers\s3117bus.sys (MCCI Corporation) DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation) DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.pagessyndication.com/google/iesearch.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.pagessyndication.com/google/iesearch.php IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - prefs.js..extensions.enabledItems: {3acc3b91-1e3c-4d0d-aefe-f82dead71816}:1.2.6 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2008.07.30 01:07:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.14 15:07:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.13 19:15:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.06 11:42:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.03.23 22:25:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.09.06 11:41:56 | 000,000,000 | ---D | M] [2010.03.26 10:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Extensions [2011.03.24 11:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions [2010.11.20 08:29:39 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.06.07 15:45:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.22 15:23:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.03.21 10:41:28 | 000,000,000 | ---D | M] (Extended Link Properties) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{3acc3b91-1e3c-4d0d-aefe-f82dead71816} [2011.03.11 12:20:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.22 14:52:42 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2008.07.08 13:03:04 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a} [2011.03.17 19:07:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-1.xml [2008.06.19 12:42:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-2.xml [2008.07.03 16:00:17 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-3.xml [2008.07.16 12:06:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-4.xml [2008.10.26 16:34:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-5.xml [2008.11.14 16:28:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-6.xml [2008.12.18 17:07:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-7.xml [2008.12.20 18:43:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-8.xml [2010.04.02 22:49:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin-9.xml [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Mozilla\Firefox\Profiles\5a45wdpj.default\searchplugins\icqplugin.xml [2011.03.24 11:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.08.02 14:19:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.09 18:50:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.06 11:42:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2008.12.31 11:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.02.20 18:16:32 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2011.03.13 19:15:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.13 19:15:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.13 19:15:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.13 19:15:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.13 19:15:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll () O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Download All Files by HiDownload - C:\Programme\HiDownload\HDGetAll.htm () O8 - Extra context menu item: Download by HiDownload - C:\Programme\HiDownload\HDGet.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Programme\HiDownload\hidownload.exe (StreamingStar Technology Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.05 18:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.05.23 00:16:09 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ] O32 - AutoRun File - [2005.05.23 00:22:41 | 001,187,840 | R--- | M] () - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.23 00:22:40 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{0f31edc8-a32f-11df-aa6c-000fea53d1a6}\Shell - "" = AutoRun O33 - MountPoints2\{0f31edc8-a32f-11df-aa6c-000fea53d1a6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0f31edc8-a32f-11df-aa6c-000fea53d1a6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{89346d17-9dc9-11de-a7f8-000fea53d1a6}\Shell\AutoRun\command - "" = G:\rqtrfe.exe O33 - MountPoints2\{89346d17-9dc9-11de-a7f8-000fea53d1a6}\Shell\explore\Command - "" = G:\rqtrfe.exe O33 - MountPoints2\{89346d17-9dc9-11de-a7f8-000fea53d1a6}\Shell\open\Command - "" = G:\rqtrfe.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.24 07:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\Malwarebytes [2011.03.24 07:23:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.03.24 07:23:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.03.24 07:23:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.03.24 07:23:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.03.24 07:23:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.23 10:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2011.03.23 10:15:23 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.03.23 10:15:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2011.03.21 10:45:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hoasii\Startmenü\Programme\Total Commander [2011.03.21 10:45:46 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.03.21 10:45:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\GHISLER [2011.03.11 18:42:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\ConduitEngine [2011.03.11 18:42:43 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2011.03.11 12:20:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ICQ7.4 [2011.03.11 12:18:52 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.02.26 14:37:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Prinz Pi - Rebell ohne Grund incl. Bonus Tracks [2009.11.07 17:27:26 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe26.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.24 12:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.03.24 11:47:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.03.24 11:40:23 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.03.24 11:40:03 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.03.24 11:39:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.03.24 09:00:19 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.24 08:50:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.03.24 07:23:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.23 10:15:30 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Desktop\Spybot - Search & Destroy.lnk [2011.03.21 16:25:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.03.21 10:45:49 | 000,000,548 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Desktop\Total Commander.lnk [2011.03.11 18:46:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2011.03.11 12:20:49 | 000,001,451 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.4.lnk [2011.03.05 02:07:06 | 001,404,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Stage 3.JPG [2011.02.25 18:55:32 | 008,210,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\05-kanye_west-all_of_the_lights.mp3 [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.24 07:23:07 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.23 10:15:30 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Desktop\Spybot - Search & Destroy.lnk [2011.03.21 10:45:49 | 000,000,548 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Desktop\Total Commander.lnk [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2011.03.21 10:45:47 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2011.03.11 12:20:49 | 000,001,451 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.4.lnk [2011.03.11 11:20:54 | 000,527,835 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Muhaha.JPG [2011.03.06 12:40:42 | 001,404,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Stage 3.JPG [2011.02.25 21:55:23 | 008,210,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\05-kanye_west-all_of_the_lights.mp3 [2011.02.25 21:49:23 | 010,037,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\07-Lil Wayne Ft. Cory Gunz - 6 Foot, 7 Foot (Prod. By Bangladesh).mp3 [2010.09.06 11:42:36 | 000,115,465 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010.09.06 11:42:35 | 000,097,545 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010.08.20 17:35:15 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.08.10 13:29:23 | 000,000,230 | ---- | C] () -- C:\WINDOWS\XIIIHooligans.ini [2010.07.23 21:17:41 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.07.23 21:17:40 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.06.09 18:53:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.04.14 13:20:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.12.02 15:13:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009.12.02 15:11:55 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009.07.08 12:40:30 | 000,000,312 | ---- | C] () -- C:\WINDOWS\promillerechner.ini [2008.12.07 20:00:23 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Anwendungsdaten\wklnhst.dat [2008.11.29 11:46:33 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat [2008.11.27 23:37:57 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008.10.22 18:15:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.09.06 22:39:14 | 000,000,617 | ---- | C] () -- C:\WINDOWS\BeatBox.INI [2008.09.06 22:39:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2008.09.06 22:34:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2008.09.06 22:24:06 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2008.09.06 22:22:52 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.07.30 20:04:23 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll [2008.07.30 20:04:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll [2008.07.30 20:04:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll [2008.07.30 20:04:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll [2008.07.03 14:37:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.06.21 12:11:01 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008.06.21 12:04:00 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2008.06.21 12:03:41 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2008.06.09 19:18:07 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.06.08 23:12:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.06.08 11:40:37 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.06.08 11:40:37 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008.06.07 17:35:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2008.06.07 17:20:01 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008.06.07 14:53:40 | 000,038,880 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat [2008.06.07 14:53:40 | 000,029,367 | ---- | C] () -- C:\WINDOWS\hpoins03.dat [2008.06.06 15:47:22 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\Hoasii\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.06 15:38:22 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\imediacentral_com_browsertools.dll [2008.06.06 15:38:22 | 000,656,384 | ---- | C] () -- C:\WINDOWS\System32\recctrl2.exe [2008.06.06 15:38:22 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\browsertools_helper.dll [2008.06.05 18:59:44 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2008.06.05 18:59:44 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.06.05 18:53:51 | 000,001,169 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.06.05 18:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.06.05 18:02:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.06.05 17:59:23 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.06.05 16:08:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.06.05 16:07:31 | 000,447,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.05.03 04:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.05.03 04:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008.05.03 04:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.05.03 04:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008.05.03 04:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.05.03 04:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.05.03 04:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008.05.03 04:46:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008.05.03 04:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.01.25 18:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006.12.01 17:34:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2006.11.22 10:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2004.08.17 15:57:24 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll [2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.02.26 09:36:54 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003.04.02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 13:00:00 | 000,462,332 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 13:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 13:00:00 | 000,085,336 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 13:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003.04.02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\thihihi.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\rututututu.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Kopie vonDSC00975.JPG:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Kopie vonDSC00024.JPG:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Kopgfok0975.JPG:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\ITP Stempel Kopie.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\holk.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\bn6ftkcogsvbyz2tbi39e7el92f.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\100_3009.JPG:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\100_3006.JPG:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Desktop\Stempel4.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Desktop\Stempel3.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Desktop\stempel 2.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hoasii\Desktop\Kopie vonStempel3.jpg:SummaryInformation < End of report > [/CODE] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2011 12:01:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Hoasii\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 474,00 Mb Available Physical Memory | 46,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 186,30 Gb Total Space | 29,09 Gb Free Space | 15,61% Space Free | Partition Type: NTFS Drive E: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PHIL | User Name: Hoasii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "56642:TCP" = 56642:TCP:*:Enabled:Pando Media Booster "56642:UDP" = 56642:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "56642:TCP" = 56642:TCP:*:Enabled:Pando Media Booster "56642:UDP" = 56642:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\setup.exe" = E:\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Security Suite CBE -- (Macrovision Corporation) "C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- () "C:\Programme\Microsoft Games\Age of Empires III\age3.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios) "C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" = C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe:*:Enabled:Kaspersky Anti-Virus "C:\Programme\Microsoft Games\Age of Empires III\age3x.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios) "C:\Programme\Microsoft Games\Rise of Nations\thrones.exe" = C:\Programme\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Programme\Microsoft Games\Age of Empires III\age3y.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5 "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc "{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{4086BCA1-9B64-498B-8B8B-CA236029C816}" = Adobe Setup "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload "{458CD97D-56E5-4330-81DB-5829500BBF7A}" = Adobe GoLive 9 "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver "{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{53C4971B-F57C-4EFC-A2B5-74998E119234}" = Samsung PC Studio 3 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch "{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch "{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes jagt Arsene Lupin "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires "{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02 "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp "{870013DB-984D-42A8-9E63-8673D8B2775A}" = Stubbs The Zombie "{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER "{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B89933C8-E38D-44BE-B3DB-96657D11338F}" = Hooligans - Storm over Europe "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{D0412DE9-1E5E-4683-B422-F56D29715ACA}" = Genie Stream(TM) Server v3.5.2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2 "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9 "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E443F067-3345-482C-BD7A-12675A53D292}" = Readme "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb "{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg "7-Zip" = 7-Zip 4.57 "AccessDiver v4.402_is1" = AccessDiver v4.402 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_a7223e4b8dff4f6a5bb90518a80851d" = Adobe GoLive 9 "Arbeitszeugnis-Generator_is1" = Deinstallation Arbeitszeugnis-Generator "Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02 "Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55 "Ashampoo Movie Shrink & Burn 3_is1" = Ashampoo Movie Shrink & Burn 3.02 "AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch "AVMWLANCLI" = AVM FRITZ!WLAN "Browsertools by imediacentral.com_is1" = Browsertools by imediacentral.com v2.8.4 "CamStudio" = CamStudio "Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung "CANONIJPLM100" = PIXMA Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CasinoClub" = CasinoClub "Casino-On-Net" = Casino-On-Net "Cheatbook 07.2009" = Cheatbook 07.2009 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "doPDF 6 printer_is1" = doPDF 6.1 printer "DVD Shrink_is1" = DVD Shrink 3.2 "Easy Video Splitter_is1" = Easy Video Splitter 1.28 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free FLV Converter_is1" = Free FLV Converter V 4.6 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FreePascal_is1" = Free Pascal 2.2.0 "GeoGebra" = GeoGebra "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HiDownload_is1" = HiDownload "HP Photo & Imaging" = HP Image Zone 3.5 "ICQToolbar" = ICQ Toolbar "ie8" = Windows Internet Explorer 8 "iFinger" = iFinger "Imperium Romanum" = Imperium Romanum 1.04 Gold Edition "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "Internet Flash FLV Video Downloader_is1" = Internet Flash FLV Video Downloader 2.9.8.30 "JDownloader" = JDownloader "MAGIX Music Maker 2008 D" = MAGIX Music Maker 2008 13.0.0.16 (D) "MAGIX Music Maker 2008 Producer Edition Download-Version D" = MAGIX Music Maker 2008 Producer Edition Download-Version 13.0.1.11 (D) "MAGIX PC Visit D" = MAGIX PC Visit "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mixxx" = NSIS Mixxx "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "MP Navigator 3.0" = Canon MP Navigator 3.0 "Mp3tag" = Mp3tag v2.46a "Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 11.01.1190" = Opera 11.01 "PictureIt_v9" = Microsoft Picture It! Foto Premium 9 "Pontifex Demo" = Pontifex Demo "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "Radio+Free-TV_is1" = RadioFreeTV.NET v6.3.8 "RealPlayer 6.0" = RealPlayer "RiseOfNationsExpansion 1.0" = Rise of Nations "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Shockwave" = Shockwave "Silkroad" = Silkroad "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "Steam App 10" = Counter-Strike "Streambox Vcr Suite_is1" = Streambox Vcr Suite 2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "tewi Fahrschule_is1" = tewi Fahrschule 2006 "The_Sims_2_+14_Trainer_1.0" = The Sims 2 +14 Trainer V 1.0 "Totalcmd" = Total Commander (Remove or Repair) "Uninstall_is1" = Uninstall 1.0.0.1 "UseNeXT_is1" = UseNeXT "VLC media player" = VideoLAN VLC media player 0.8.6h "Web Stream Recorder Pro" = Web Stream Recorder Pro "Webcam Spy_is1" = Webcam Spy v2.1 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinPcapInst" = WinPcap 4.0 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Works2004Setup" = Setup-Start von Microsoft Works 2004 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid_is1" = Xvid 1.1.3 final uninstall "ZBot für Counter-Strike 1.6 / Steam" = ZBot für Counter-Strike 1.6 / Steam ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "WinDirStat" = WinDirStat 1.1.2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2011 07:22:05 | Computer Name = PHIL | Source = crypt32 | ID = 131075 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-CAB-Datei von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 11.03.2011 17:47:15 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ICQ.exe, Version 7.4.0.4629, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.03.2011 17:47:15 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ICQ.exe, Version 7.4.0.4629, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.03.2011 17:47:25 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ICQ.exe, Version 7.4.0.4629, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 05:43:17 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 05:43:21 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 05:47:08 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 06:17:18 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 06:17:20 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.03.2011 13:33:21 | Computer Name = PHIL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ICQ.exe, Version 7.4.0.4629, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 22.03.2011 03:35:53 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 22.03.2011 06:29:57 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 22.03.2011 07:21:18 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 22.03.2011 17:16:05 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 23.03.2011 04:35:58 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 23.03.2011 07:06:32 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 23.03.2011 13:30:02 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 24.03.2011 02:15:06 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 24.03.2011 06:39:42 | Computer Name = PHIL | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Updater Service. Error - 24.03.2011 06:39:44 | Computer Name = PHIL | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. < End of report > |
24.03.2011, 12:20 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank Trojaner, TAN Abfrage Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Deutsche Bank Trojaner, TAN Abfrage |
anwendung, benutzer, board, deutsche, deutsche bank, erstellen, heute, hijack, hijackthis, konto, lange, löschen, morgen, neue, neuen, nicht gefunden, nicht mehr, nummern, ordner, pop up, problem, programme, regeln, super, tan, tan abfrage, thread, trojaner, windows |