| |
| |||||||
Log-Analyse und Auswertung: Trojaner.Backdoor. nix geht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.04.2011, 13:57
| #1 |
| |  Trojaner.Backdoor. nix geht mehr Seit 2 tagen geht nix mehr an meinem laptop, es öffneten sich irgendswelche P****Seiten und seit dem geht kein program mehr was mit dem internet verbinden werden muss, des weiteren kommt immer ein spyware protection program was mir kostenlose scans anbietet, ich habe im abgesicherten modus ein HijackThis log ausgeführt weil es im normalen zustand nicht funktioniert hat. Hier die auswertung: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:50:59, on 14.04.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Dokumente und Einstellungen\Stiffler\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mysidesearch search enhancer - {465D222E-63FA-80E6-9FDE-242A1C10EEE8} - C:\WINDOWS\system32\uepcnwcwhupyl.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON Stylus SX600FW(Netzwerk)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S67.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Spyware Protection] C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Programme\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=hxxp://www.hp.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167508377328 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe O23 - Service: Google Update Service (gupdate1c9b150da40239a) (gupdate1c9b150da40239a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9417 bytes danke schonmal für die antworten |
|
14.04.2011, 14:14
| #2 |
| /// Malware-holic   | Trojaner.Backdoor. nix geht mehr hjt logs möchten wir nicht mehr sehen :-)
__________________im abgesicherten modus folgendes: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
14.04.2011, 14:53
| #3 |
| | Trojaner.Backdoor. nix geht mehr OTL:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.04.2011 15:39:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = H:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 786,00 Mb Available Physical Memory | 77,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,44 Gb Total Space | 3,71 Gb Free Space | 15,20% Space Free | Partition Type: NTFS Drive D: | 5,69 Gb Total Space | 0,55 Gb Free Space | 9,72% Space Free | Partition Type: FAT32 Drive F: | 62,02 Gb Total Space | 24,66 Gb Free Space | 39,77% Space Free | Partition Type: NTFS Drive H: | 298,09 Gb Total Space | 148,84 Gb Free Space | 49,93% Space Free | Partition Type: NTFS Computer Name: STINNER | User Name: Stiffler | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - H:\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - H:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (EpsonBidirectionalService) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (BlueSoleil Hid Service) -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (SSHDRV86) -- C:\WINDOWS\system32\drivers\SSHDRV86.sys () DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation) DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys () DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yoog Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www3.yoog.com/search.php?q=" FF - prefs.js..browser.search.selectedEngine: "Yoog Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..keyword.URL: "hxxp://www3.yoog.com/search.php?q=" FF - user.js..browser.search.defaultenginename: "Yoog Search" FF - user.js..browser.search.defaulturl: "hxxp://www3.yoog.com/search.php?q=" FF - user.js..browser.search.selectedEngine: "Yoog Search" FF - user.js..keyword.URL: "hxxp://www3.yoog.com/search.php?q=" FF - user.js..keyword.enabled: true FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.05 12:57:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.02 11:25:58 | 000,000,000 | ---D | M] [2006.12.27 20:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Mozilla\Firefox\Profiles\3zxircey.default\extensions [2008.12.15 16:45:18 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Mozilla\Firefox\Profiles\3zxircey.default\searchplugins\icqplugin.xml [2009.06.09 20:14:39 | 000,000,246 | ---- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Mozilla\Firefox\Profiles\3zxircey.default\searchplugins\Yoog Search.xml [2009.01.18 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2006.12.27 20:36:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.01.18 17:51:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2007.07.22 17:37:53 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2008.05.31 22:21:12 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.05.31 22:21:01 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2008.05.31 22:21:01 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2008.05.31 22:21:01 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2009.01.05 18:01:40 | 000,653,312 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\components\nsadzgalore.dll [2008.05.31 22:21:02 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2010.03.23 11:50:38 | 000,285,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\uepcnwcwhupyl.dll [2008.05.31 22:21:02 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2007.06.11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2008.05.31 22:21:11 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.05.31 22:21:11 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.05.31 22:21:11 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2008.05.31 22:21:11 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 10:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (mysidesearch search enhancer) - {465D222E-63FA-80E6-9FDE-242A1C10EEE8} - C:\WINDOWS\system32\uepcnwcwhupyl.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [NapsterShell] File not found O4 - HKLM..\Run: [PCSuiteTrayApplication] F:\Programme\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] F:\Programme\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] F:\Programme\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006..\Run: [ccleaner] C:\Programme\CCleaner\ccleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006..\Run: [EPSON Stylus SX600FW(Netzwerk)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006..\Run: [Spyware Protection] C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe (Defender Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Stiffler\Startmenü\Programme\Autostart\CD-MENU.LNK = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167508377328 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Stiffler\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Stiffler\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.29 11:51:23 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001.07.27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004.04.30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{2befc8ea-8ac2-11dd-b66b-0011f60526d3}\Shell - "" = AutoRun O33 - MountPoints2\{2befc8ea-8ac2-11dd-b66b-0011f60526d3}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2befc8ea-8ac2-11dd-b66b-0011f60526d3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe COHIBAN.vbs O33 - MountPoints2\{ce757b47-eeef-11de-b81c-0011f60526d3}\Shell\AutoRun\command - "" = Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {04BBA4C9-6035-87BB-A85B-E9F3BB970E3A} - Internet Explorer ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1A6322DD-4689-2C7B-4743-CC5D6C0126B3} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error. ActiveX: {D2C043B8-1711-C257-65C0-87CE20D12ABD} - Vektorgrafik-Rendering (VML) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.DVSD - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error starting restore point: The function was called in safe mode. Error closing restore point: The sequence number is invalid. ========== Files/Folders - Created Within 30 Days ========== [2011.04.14 15:32:16 | 000,000,000 | ---D | C] -- F:\Eigene Dateien\Bluetooth [2011.04.07 22:38:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Stiffler\Recent [2011.04.06 19:49:36 | 001,015,808 | ---- | C] (Defender Software) -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe [2011.04.05 19:55:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee [2011.04.05 19:55:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2011.04.01 15:50:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee [2011.04.01 15:50:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan [2011.04.01 15:50:42 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2011.04.01 14:45:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SWF Studio [2011.03.25 19:18:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2011.03.25 19:18:02 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.25 19:12:42 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2007.10.14 20:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.14 15:39:31 | 000,463,672 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.14 15:39:31 | 000,445,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.14 15:39:31 | 000,086,288 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.14 15:39:31 | 000,072,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.14 15:35:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.14 15:35:11 | 000,468,510 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2011.04.14 15:32:12 | 000,001,579 | -HS- | M] () -- C:\hpqp.ini [2011.04.14 15:32:10 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini [2011.04.14 15:32:06 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.04.14 15:31:49 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.04.14 14:41:43 | 000,104,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.14 14:41:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.04.14 14:36:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.07 23:03:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.04.06 19:49:36 | 001,015,808 | ---- | M] (Defender Software) -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe [2011.04.05 19:55:20 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2011.04.05 19:55:20 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2011.04.03 11:18:49 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2011.04.01 15:14:54 | 000,000,512 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2011.03.29 22:33:28 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\er456541.ini [2011.03.25 19:18:49 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.01 15:50:43 | 000,001,583 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2011.04.01 15:50:43 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2011.03.29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\er456541.ini [2011.03.25 19:18:49 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.03.25 19:12:48 | 000,002,163 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2011.03.25 19:12:48 | 000,001,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Safari.lnk [2010.08.13 17:34:02 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.05.08 20:02:06 | 000,081,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.03.23 11:50:38 | 000,582,656 | ---- | C] () -- C:\WINDOWS\System32\uepcnwcwhupyl.dll [2009.12.22 23:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2009.12.22 14:06:13 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT [2009.12.22 13:48:32 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2009.12.22 13:48:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2009.12.22 13:48:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2009.12.22 13:48:32 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2009.12.22 13:48:32 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2009.12.22 13:48:32 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2009.12.22 13:48:32 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2009.12.22 13:48:32 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2009.12.22 13:48:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2009.12.22 13:48:32 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2009.12.22 13:48:32 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2009.12.22 13:48:32 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2009.12.22 13:48:32 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2009.12.22 13:48:32 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2009.12.22 13:48:32 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2009.12.22 13:48:32 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2009.12.22 13:48:32 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2009.12.22 13:48:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2009.12.22 13:48:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.11.05 14:24:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2009.10.26 08:53:04 | 000,058,351 | ---- | C] () -- C:\WINDOWS\System32\u_uepcnwcwhupyl.dll.exe [2009.06.13 15:10:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.03.19 18:58:03 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.01.22 18:39:51 | 000,085,670 | ---- | C] () -- C:\WINDOWS\System32\1d57fe3e-6fc5-7c38-a430-e2b883e55ecf.exe [2008.10.21 17:06:42 | 000,000,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\wklnhst.dat [2008.10.08 11:29:23 | 000,085,219 | ---- | C] () -- C:\WINDOWS\System32\cont_adzgalore-remove.exe [2008.09.14 12:36:44 | 000,065,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\NMM-MetaData.db [2008.07.03 16:31:17 | 000,048,253 | ---- | C] () -- C:\WINDOWS\System32\apezgvdypgfci.exe [2008.06.07 18:35:33 | 000,058,738 | ---- | C] () -- C:\WINDOWS\System32\uepcnwcwhupyl.dll-uninst.exe [2008.06.07 18:35:30 | 000,102,106 | ---- | C] () -- C:\WINDOWS\System32\adzgalore-remove.exe [2008.06.07 18:35:09 | 000,063,916 | ---- | C] () -- C:\WINDOWS\System32\{9af62b53-eaf4-738e-23d4-525e7359f442}.dll-uninst.exe [2008.05.27 10:20:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2008.04.14 11:44:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini [2008.04.04 15:34:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008.04.04 15:34:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008.04.04 15:34:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2007.12.28 15:38:41 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.12.28 15:38:41 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.12.18 20:38:11 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.11.21 19:57:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2007.09.12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2007.07.27 14:18:12 | 000,001,356 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.07.20 20:47:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007.07.14 17:26:31 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2007.03.05 21:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI [2007.02.11 17:13:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI [2007.01.15 19:50:37 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2007.01.05 18:05:24 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys [2006.12.31 19:38:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini [2006.12.31 19:34:18 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat [2006.12.29 13:05:28 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL [2006.12.29 11:51:22 | 000,001,182 | ---- | C] () -- C:\WINDOWS\VFO.INI [2006.12.29 10:17:37 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini [2006.12.27 22:35:39 | 000,013,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys [2006.12.27 22:35:39 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2006.12.27 21:59:25 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin [2006.12.27 21:35:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.27 21:32:14 | 000,000,512 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.27 20:51:31 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat [2006.12.27 20:41:55 | 000,104,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Stiffler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.27 20:36:31 | 000,002,886 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006.12.27 19:55:37 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Stiffler\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.12.12 18:30:29 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe [2006.12.12 18:30:26 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006.12.12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2006.02.27 01:27:05 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.02.27 01:20:54 | 000,088,049 | ---- | C] () -- C:\WINDOWS\hpqins69.dat [2005.12.02 12:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.12.20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2004.08.07 07:32:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004.08.07 07:32:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.08.07 07:27:00 | 000,463,672 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.07 07:27:00 | 000,445,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.07 07:27:00 | 000,086,288 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.07 07:27:00 | 000,072,782 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.07 07:25:50 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.07 07:19:00 | 000,364,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.08.07 07:13:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.08.07 07:10:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 10:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 10:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.01.13 21:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.05.28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.05.28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2009.09.11 14:43:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2007.07.18 18:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2006.12.27 22:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2008.04.23 13:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVDXStudio [2009.12.22 14:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2009.01.18 17:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008.09.14 12:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.08.02 19:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster [2007.02.11 17:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2008.09.14 12:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008.04.14 11:44:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2006.12.29 11:22:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio [2011.03.08 22:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2009.12.22 13:53:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2010.05.03 20:31:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2008.05.25 14:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sabrina\Anwendungsdaten\gtopala [2008.05.25 15:41:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sabrina\Anwendungsdaten\SlimBrowser [2009.09.09 20:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Autodesk [2009.01.30 19:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Azureus [2009.12.22 21:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\EPSON [2008.03.26 05:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Gearbox Software [2006.12.31 17:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Jasc [2008.04.01 14:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Leadertech [2009.07.31 19:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\LimeWire [2008.09.14 12:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Nokia [2008.09.14 12:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Nokia Multimedia Player [2008.09.14 12:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\PC Suite [2011.04.14 14:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\SlimBrowser [2008.05.25 15:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\temp [2008.10.21 17:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Template [2008.04.23 13:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\TuneUp Software [2009.12.25 18:15:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.07.03 16:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Adobe [2007.03.18 00:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Ahead [2011.04.03 11:18:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Apple Computer [2010.10.10 22:05:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\ArcSoft [2009.09.09 20:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Autodesk [2007.12.28 15:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\AVS4YOU [2009.01.30 19:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Azureus [2007.01.15 20:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\CyberLink [2006.12.27 21:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\DivX [2008.03.22 08:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\dvdcss [2009.12.22 21:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\EPSON [2008.03.26 05:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Gearbox Software [2007.07.22 16:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Google [2006.12.31 17:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Help [2007.01.15 20:34:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\HP [2006.12.28 03:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Identities [2009.12.22 13:48:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\InstallShield [2006.12.31 17:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Jasc [2008.04.01 14:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Leadertech [2009.07.31 19:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\LimeWire [2006.12.27 20:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Macromedia [2008.04.24 06:51:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Microsoft [2006.12.27 20:36:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Mozilla [2008.09.14 12:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Nokia [2008.09.14 12:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Nokia Multimedia Player [2008.09.14 12:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\PC Suite [2010.01.08 16:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Roxio [2007.02.03 22:04:38 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\SecuROM [2011.04.14 14:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\SlimBrowser [2008.04.01 14:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Sonic [2007.08.09 18:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Sun [2006.12.30 13:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Symantec [2007.07.27 12:29:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Talkback [2008.05.25 15:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\temp [2008.10.21 17:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Template [2008.04.23 13:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\TuneUp Software [2006.12.27 21:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\vlc [2007.12.27 20:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2011.04.06 19:49:36 | 001,015,808 | ---- | M] (Defender Software) -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe [2007.12.21 12:40:55 | 005,456,862 | ---- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe [2009.07.16 09:43:28 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe [2006.12.29 11:35:47 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Microsoft\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe [2009.09.09 20:31:02 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.04 10:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.25 15:00:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.09.25 15:00:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.04 10:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.25 15:00:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.09.25 15:00:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 10:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: IASTOR.SYS > [2005.10.13 03:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSETUP\HDD\iastor.sys [2005.10.13 03:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 10:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 10:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 10:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 10:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 10:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2007.02.03 17:27:34 | 000,646,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2004.08.07 09:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2004.08.07 09:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
14.04.2011, 14:54
| #4 |
| | Trojaner.Backdoor. nix geht mehr Extras:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.04.2011 15:39:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 786,00 Mb Available Physical Memory | 77,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,44 Gb Total Space | 3,71 Gb Free Space | 15,20% Space Free | Partition Type: NTFS
Drive D: | 5,69 Gb Total Space | 0,55 Gb Free Space | 9,72% Space Free | Partition Type: FAT32
Drive F: | 62,02 Gb Total Space | 24,66 Gb Free Space | 39,77% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 148,84 Gb Free Space | 49,93% Space Free | Partition Type: NTFS
Computer Name: STINNER | User Name: Stiffler | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SlimBrowserHtml] -- C:\Programme\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)
[HKEY_USERS\S-1-5-21-2458578755-3246142519-238381867-1006\SOFTWARE\Classes\<extension>]
.scr [@ = DWGTrueViewScriptFile] -- "" "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\SlimBrowser\sbrowser.exe" %1 (FlashPeak, Inc.)
https [open] -- "C:\Programme\SlimBrowser\sbrowser.exe" %1 (FlashPeak, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Dokumente und Einstellungen\Stiffler\Desktop\fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Dokumente und Einstellungen\Stiffler\Desktop\fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Programme\Pinnacle\Studio 10\programs\RM.exe" = C:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
"C:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
"C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
"C:\Programme\Pinnacle\Studio 10\programs\umi.exe" = C:\Programme\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
"C:\Programme\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Programme\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)
"F:\Azureus\Azureus.exe" = F:\Azureus\Azureus.exe:*:Enabled:Azureus
"F:\eMule\emule.exe" = F:\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
"F:\SPIELE\CoD2MP_s.exe" = F:\SPIELE\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"H:\Spiele\CounterStrike\czero.exe" = H:\Spiele\CounterStrike\czero.exe:*:Enabled:Condition Zero Launcher
"F:\SPIELE\CounterStrike\czero.exe" = F:\SPIELE\CounterStrike\czero.exe:*:Enabled:Condition Zero Launcher
"E:\EpsonNet EasyInstall\EasyInstall.exe" = E:\EpsonNet EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall
"C:\Programme\iTNC530\340494\sys\bin\geo.EXE" = C:\Programme\iTNC530\340494\sys\bin\geo.EXE:*:Enabled:geo -- ()
"C:\Programme\iTNC530\340494\sys\bin\regel.EXE" = C:\Programme\iTNC530\340494\sys\bin\regel.EXE:*:Enabled:regel -- ()
"C:\Programme\iTNC530\340494\sys\bin\ext.EXE" = C:\Programme\iTNC530\340494\sys\bin\ext.EXE:*:Enabled:ext -- ()
"C:\Programme\iTNC530\340494\sys\bin\plc.EXE" = C:\Programme\iTNC530\340494\sys\bin\plc.EXE:*:Enabled:plc -- ()
"C:\Programme\iTNC530\340494\xwin\bin\XWin.exe" = C:\Programme\iTNC530\340494\xwin\bin\XWin.exe:*:Enabled:XWin -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E31D9A6-245B-41A6-949D-C7B029A703D2}" = iTNC530 (340494)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{605DE113-FAE9-D2D9-256F-E93A1D4DB34D}" = Search Assistant Mysidesearch
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D2FEBD11-E587-4C41-AD33-0CD90D26A964}" = Client für die Windows-Rechteverwaltung mit Service Pack 2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"1d57fe3e-6fc5-7c38-a430-e2b883e55ecf" = Contextual Tool Adzgalore
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"adzgalore" = Browser Optimizer Adzgalore
"Alice" = Alice-Installationsdateien entfernen
"apezgvdypgfci" = RON Too1 Cpmsky
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"Bilder-CD Fachkunde Metall_is1" = Bilder-CD Fachkunde Metall, 55. Auflage - Einzellizenz
"CCleaner" = CCleaner (remove only)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"cont_adzgalore" = Contextual Tool Adzgalore
"DEMOplus Drehen" = DEMOplus Drehen
"DEMOplus Fräsen" = DEMOplus Fräsen
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"freeCommander_is1" = freeCommander 2006.06b
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 2.5
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OVT Scanner" = Uninstall OVT Scanner
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"PROSet" = Intel(R) PRO Network Connections Drivers
"SlimBrowser" = SlimBrowser (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.8.5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.04.2011 09:51:06 | Computer Name = STINNER | Source = MsiInstaller | ID = 11905
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
failed to unregister. HRESULT -2147220472. Contact your support personnel.
Error - 05.04.2011 13:54:58 | Computer Name = STINNER | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 05.04.2011 13:54:58 | Computer Name = STINNER | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 07.04.2011 16:54:50 | Computer Name = STINNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sbrowser.exe, Version 4.0.8.0, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19019, Fehleradresse 0x0042f88d.
Error - 14.04.2011 08:51:36 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 14.04.2011 08:51:36 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 14.04.2011 08:51:37 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 14.04.2011 08:51:37 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 14.04.2011 08:51:37 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 14.04.2011 08:51:37 | Computer Name = STINNER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
[ System Events ]
Error - 14.04.2011 09:36:08 | Computer Name = STINNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Filtertreiber für IP-Verkehr" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.04.2011 09:36:53 | Computer Name = STINNER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD eabfiltr Fips intelppm IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip
Error - 14.04.2011 09:39:00 | Computer Name = STINNER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
14.04.2011, 15:06
| #5 |
| /// Malware-holic | Trojaner.Backdoor. nix geht mehr • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found O2 - BHO: (mysidesearch search enhancer) - {465D222E-63FA-80E6-9FDE-242A1C10EEE8} - C:\WINDOWS\system32\uepcnwcwhupyl.dll () O3 - HKU\S-1-5-21-2458578755-3246142519-238381867-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found O4 - HKLM..\Run: [NapsterShell] File not found :Files C:\WINDOWS\system32\uepcnwcwhupyl.dll C:\Dokumente und Einstellungen\Stiffler\Anwendungsdaten\defender.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne arbeitsplatz, öffne c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trojaner.Backdoor. nix geht mehr |
| adobe, bho, bonjour, desktop, einstellungen, excel, explorer, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, launch, netzwerk, object, pdf, performance, rundll, security, security scan, seiten, shortcut, software, spyware, system, temp, windows, windows xp |
Linear-Darstellung
