| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei-Trojaner. Ist er weg ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.04.2011, 16:22
| #1 |
| |  Bundespolizei-Trojaner. Ist er weg ? Hallo Leute, ich hatte mir den Bundespolizei-Trojaner eingefangen. Zum Glück hatte ich ein altes Acronis-True-Image Backup von meiner Betriebssystem Partition. Ich bin dann folgendermaßen vorgegangen: - Mit einem weiteren Acronis-True-Image Backup habe ich wichtige Dateien gesichert. ( Nur Dokumente. Keine Programme ) Also nachdem der Rechner schon infiziert war. - Dann beide Backups wieder eingespielt und fertig. Ich habe jedoch 4 Partitionen auf 2 Festplatten und frage mich nun, ob der Trojaner wirklich weg ist, oder ob er sich auf die anderen Partitionen ausgedehnt hat ? Ich habe die ganze Sache mit Load.exe nach Anweisung abgearbeitet. Vielleicht ist jemand so nett und sieht sich mal die Logfiles an: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.04.2011 15:02:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carsten\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,23 Gb Total Space | 45,23 Gb Free Space | 60,93% Space Free | Partition Type: NTFS Drive D: | 74,82 Gb Total Space | 21,39 Gb Free Space | 28,59% Space Free | Partition Type: NTFS Drive E: | 74,58 Gb Total Space | 48,66 Gb Free Space | 65,25% Space Free | Partition Type: NTFS Drive F: | 74,47 Gb Total Space | 74,38 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: DELL | User Name: Carsten | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe PRC - [2011.04.18 22:30:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.04.18 15:34:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.26 10:02:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.26 10:02:44 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.10 12:15:24 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe PRC - [2008.09.10 12:15:21 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe PRC - [2008.05.16 17:33:10 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdwcoms.exe PRC - [2007.05.09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe ========== Modules (SafeList) ========== MOD - [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2006.11.02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.18 15:34:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.26 10:02:44 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.05.16 17:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdwcoms.exe -- (lxdw_device) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - [2011.04.18 15:34:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.26 10:02:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.02 20:40:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.06.16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.16 18:12:30 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.07.16 18:12:30 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.07.16 18:12:27 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.18 20:25:06 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [1997.12.23 03:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.18 22:30:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.18 22:30:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.06 08:10:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.06 08:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Extensions [2010.12.06 08:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.18 18:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions [2010.06.26 08:27:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.29 18:11:21 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.12.04 12:30:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.12.21 01:13:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.14 18:54:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2011.04.18 15:41:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Carsten\AppData\Roaming\mozilla\Firefox\Profiles\jeou4izh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2011.04.18 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.10.22 20:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.27 13:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.18 15:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.04.18 22:30:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.18 22:30:16 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.18 22:30:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.18 22:30:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.18 22:30:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe () O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Program Files\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e3ec7d5c-5215-11dd-bd30-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e3ec7d5c-5215-11dd-bd30-806e6f6e6963}\Shell\AutoRun\command - "" = A:\wubi.exe --cdmenu O33 - MountPoints2\{ec66abfc-9faa-11df-8c1b-001e4cdc7873}\Shell - "" = AutoRun O33 - MountPoints2\{ec66abfc-9faa-11df-8c1b-001e4cdc7873}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - File not found MsConfig - StartUpReg: PcSync - hkey= - key= - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.04.19 14:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.19 14:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.04.19 14:49:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Carsten\Desktop\Erunt-setup.exe [2011.04.19 14:49:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2011.04.19 14:49:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten\Desktop\TFC.exe [2011.04.18 21:40:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.04.18 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2011.04.18 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay_yamaha - Kopie [2011.04.18 15:31:52 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\SE_Xperia_X10 [2011.04.18 15:31:51 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\KompoZer Lektionen [2011.04.18 15:31:49 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay_yamaha [2011.04.18 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\ebay [2011.04.18 15:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\Bilder_Yamaha [2011.04.18 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\24 [2010.11.30 17:14:51 | 000,032,256 | ---- | C] (Microsoft) -- C:\Users\Carsten\AppData\Roaming\Microsoft Installer.exe [2010.06.21 18:53:43 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDWhcp.dll [2010.06.21 18:53:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdwinpa.dll [2010.06.21 18:53:42 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdwserv.dll [2010.06.21 18:53:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwusb1.dll [2010.06.21 18:53:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwiesc.dll [2010.06.21 18:53:41 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdwpmui.dll [2010.06.21 18:53:41 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdwlmpm.dll [2010.06.21 18:53:40 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxdwhbn3.dll [2010.06.21 18:53:40 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxdwih.exe [2010.06.21 18:53:39 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomc.dll [2010.06.21 18:53:39 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdwcoms.exe [2010.06.21 18:53:39 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomm.dll [2010.06.21 18:53:38 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxdwcfg.exe [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.19 14:59:30 | 000,000,693 | ---- | M] () -- C:\Users\Carsten\Desktop\NTREGOPT.lnk [2011.04.19 14:59:30 | 000,000,674 | ---- | M] () -- C:\Users\Carsten\Desktop\ERUNT.lnk [2011.04.19 14:57:02 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.19 14:57:02 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.19 14:57:02 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.19 14:57:02 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.19 14:52:15 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.19 14:52:15 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.19 14:52:13 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.19 14:52:13 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.19 14:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.19 14:51:16 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.19 14:49:32 | 000,301,568 | ---- | M] () -- C:\Users\Carsten\Desktop\g2m3e4r.exe [2011.04.19 14:49:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2011.04.19 14:49:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Carsten\Desktop\Erunt-setup.exe [2011.04.19 14:49:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\TFC.exe [2011.04.19 14:48:06 | 000,377,260 | ---- | M] () -- C:\Users\Carsten\Desktop\Load.exe [2011.04.18 21:44:00 | 000,263,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.18 20:27:23 | 000,155,648 | ---- | M] () -- C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 17:24:05 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.04.18 17:24:05 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.04.18 15:34:48 | 000,057,506 | ---- | M] () -- C:\Users\Carsten\Desktop\Yamaha-Logo.jpg [2011.04.18 15:34:48 | 000,013,958 | ---- | M] () -- C:\Users\Carsten\Desktop\Unbenannt 1.odt [2011.04.18 15:34:48 | 000,010,972 | ---- | M] () -- C:\Users\Carsten\Desktop\Strato.odt [2011.04.18 15:34:48 | 000,008,752 | ---- | M] () -- C:\Users\Carsten\Desktop\Xperia X10_Tests.odt [2011.04.18 15:34:48 | 000,000,998 | ---- | M] () -- C:\Users\Carsten\Desktop\Update Service.lnk [2011.04.18 15:34:47 | 003,906,917 | ---- | M] () -- C:\Users\Carsten\Desktop\SME_Flyer_01_2011.pdf [2011.04.18 15:34:20 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.18 15:31:52 | 000,009,216 | -H-- | M] () -- C:\Users\Carsten\Desktop\photothumb.db [2011.04.18 15:31:52 | 000,000,895 | ---- | M] () -- C:\Users\Carsten\Desktop\Playlist Creator 3.6.2.lnk [2011.04.18 15:31:52 | 000,000,812 | ---- | M] () -- C:\Users\Carsten\Desktop\mp3DirectCut.lnk [2011.04.18 15:31:52 | 000,000,480 | ---- | M] () -- C:\Users\Carsten\Desktop\Rechnungen - Verknüpfung.lnk [2011.04.18 15:31:51 | 000,001,877 | ---- | M] () -- C:\Users\Carsten\Desktop\JLC's Internet TV.lnk [2011.04.18 15:31:51 | 000,000,501 | ---- | M] () -- C:\Users\Carsten\Desktop\homepage_kompozer - Verknüpfung.lnk [2011.04.18 15:31:48 | 000,561,834 | ---- | M] () -- C:\Users\Carsten\Desktop\ComfortCredit.pdf [2011.04.18 15:31:34 | 000,370,908 | ---- | M] () -- C:\Users\Carsten\Desktop\antrag.pdf [2011.04.18 15:29:04 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{692325B4-3D4D-48E2-A700-8A0B9715E685}.job [2011.04.18 15:14:04 | 000,000,383 | ---- | M] () -- C:\Users\Carsten\Desktop\Eigene_Dateien - Verknüpfung.lnk [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [47 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.19 14:59:30 | 000,000,693 | ---- | C] () -- C:\Users\Carsten\Desktop\NTREGOPT.lnk [2011.04.19 14:59:30 | 000,000,674 | ---- | C] () -- C:\Users\Carsten\Desktop\ERUNT.lnk [2011.04.19 14:49:25 | 000,301,568 | ---- | C] () -- C:\Users\Carsten\Desktop\g2m3e4r.exe [2011.04.19 14:48:05 | 000,377,260 | ---- | C] () -- C:\Users\Carsten\Desktop\Load.exe [2011.04.18 17:24:05 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.04.18 17:24:05 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.04.18 15:48:25 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.18 15:48:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.18 15:48:25 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.04.18 15:34:48 | 000,057,506 | ---- | C] () -- C:\Users\Carsten\Desktop\Yamaha-Logo.jpg [2011.04.18 15:34:48 | 000,013,958 | ---- | C] () -- C:\Users\Carsten\Desktop\Unbenannt 1.odt [2011.04.18 15:34:48 | 000,010,972 | ---- | C] () -- C:\Users\Carsten\Desktop\Strato.odt [2011.04.18 15:34:48 | 000,008,752 | ---- | C] () -- C:\Users\Carsten\Desktop\Xperia X10_Tests.odt [2011.04.18 15:34:48 | 000,000,998 | ---- | C] () -- C:\Users\Carsten\Desktop\Update Service.lnk [2011.04.18 15:34:47 | 003,906,917 | ---- | C] () -- C:\Users\Carsten\Desktop\SME_Flyer_01_2011.pdf [2011.04.18 15:31:52 | 000,000,895 | ---- | C] () -- C:\Users\Carsten\Desktop\Playlist Creator 3.6.2.lnk [2011.04.18 15:31:52 | 000,000,812 | ---- | C] () -- C:\Users\Carsten\Desktop\mp3DirectCut.lnk [2011.04.18 15:31:52 | 000,000,480 | ---- | C] () -- C:\Users\Carsten\Desktop\Rechnungen - Verknüpfung.lnk [2011.04.18 15:31:51 | 000,001,877 | ---- | C] () -- C:\Users\Carsten\Desktop\JLC's Internet TV.lnk [2011.04.18 15:31:51 | 000,000,501 | ---- | C] () -- C:\Users\Carsten\Desktop\homepage_kompozer - Verknüpfung.lnk [2011.04.18 15:31:48 | 000,561,834 | ---- | C] () -- C:\Users\Carsten\Desktop\ComfortCredit.pdf [2011.04.18 15:31:34 | 000,370,908 | ---- | C] () -- C:\Users\Carsten\Desktop\antrag.pdf [2011.04.18 15:14:04 | 000,000,383 | ---- | C] () -- C:\Users\Carsten\Desktop\Eigene_Dateien - Verknüpfung.lnk [2010.11.30 17:15:00 | 000,000,000 | ---- | C] () -- C:\Users\Carsten\AppData\Roaming\chrtmp [2010.11.25 15:16:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.10.20 16:55:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.07.26 16:53:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.07.02 11:35:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.06.21 18:58:57 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdwcoin.dll [2010.06.21 18:57:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdwvs.dll [2010.06.21 18:55:59 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdwdrs.dll [2010.06.21 18:55:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdwcaps.dll [2010.06.21 18:55:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdwcnv4.dll [2010.06.21 18:54:28 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdwrwrd.ini [2010.06.21 18:53:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDWinst.dll [2010.06.21 18:53:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdwgrd.dll [2010.05.31 08:46:33 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.31 08:42:25 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.23 16:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll [2008.07.16 23:01:06 | 000,155,648 | ---- | C] () -- C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.16 22:23:27 | 000,000,096 | ---- | C] () -- C:\Windows\ktel.ini [2008.07.16 21:16:23 | 000,000,095 | ---- | C] () -- C:\Users\Carsten\AppData\Local\fusioncache.dat [2008.07.16 21:09:46 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2008.07.16 21:09:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTToolVC7.dll [2008.07.16 21:09:44 | 000,303,104 | ---- | C] () -- C:\Windows\System32\LxImport50VC7.dll [2008.07.16 21:09:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\LxImport40VC7.dll [2008.07.16 20:56:14 | 000,233,527 | ---- | C] () -- C:\Windows\System32\dnt25.dll [2008.07.16 20:56:14 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc25.dll [2008.07.16 20:56:14 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm25.dll [2008.07.16 20:56:13 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll [2008.07.16 20:56:13 | 000,221,239 | ---- | C] () -- C:\Windows\System32\dnt24.dll [2008.07.16 20:56:13 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008.07.16 20:56:13 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc24.dll [2008.07.16 20:56:13 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2008.07.16 20:56:13 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm24.dll [2008.07.16 20:56:13 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2008.07.16 20:56:10 | 000,015,627 | ---- | C] () -- C:\Windows\System32\WBROLLRS.DLL [2008.07.16 20:56:09 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL [2008.07.16 20:56:08 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE [2008.07.16 20:56:08 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll [2008.07.16 20:56:08 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll [2008.07.16 20:07:59 | 000,000,023 | ---- | C] () -- C:\Windows\eps32.INI [2008.07.16 20:07:59 | 000,000,023 | ---- | C] () -- C:\Windows\eps_stab.ini [2008.07.16 20:07:55 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2008.07.16 07:30:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.07.16 07:28:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.07.16 07:28:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.15 04:51:33 | 000,000,680 | ---- | C] () -- C:\Users\Carsten\AppData\Local\d3d9caps.dat [2008.07.15 04:39:48 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2007.11.13 09:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2007.11.09 15:18:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2006.11.02 17:33:31 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,131,024 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,263,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:18:38 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2005.11.09 12:17:36 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2005.11.09 12:17:28 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2004.05.06 14:07:32 | 000,241,664 | ---- | C] () -- C:\Windows\System32\dnt26VC7.dll [2004.05.06 14:05:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc26VC7.dll [2004.05.06 14:04:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dntvm26VC7.dll [2003.09.05 12:25:54 | 000,237,623 | ---- | C] () -- C:\Windows\System32\dnt26.dll [2003.09.05 12:25:52 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm26.dll [2003.09.05 12:03:30 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc26.dll [2002.11.06 15:23:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\FKStampPainter.dll [2001.12.13 13:30:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.10.20 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\AnvSoft [2010.11.23 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Canneverbe Limited [2010.10.22 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\DataLayer [2010.08.17 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\DeepBurner [2010.10.25 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.02 16:06:16 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\elsterformular [2011.04.18 20:11:50 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\FileZilla [2010.10.19 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\FreeAudioPack [2010.12.24 00:30:15 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\GrabIt [2010.09.06 18:19:17 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\gtk-2.0 [2010.12.13 09:33:37 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\install [2008.07.16 22:24:51 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\klickTel [2010.08.23 11:49:22 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\KompoZer [2010.07.02 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Lexmark Productivity Studio [2008.07.17 00:02:01 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Lexware [2010.09.25 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\MyPhoneExplorer [2010.10.22 08:49:59 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Nokia [2010.09.13 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Notepad++ [2010.07.16 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Nvu [2008.07.16 21:59:08 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\OpenOffice.org [2010.10.22 07:01:35 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\PC Suite [2010.07.15 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\PhotoScape [2010.09.16 14:14:03 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Shareaza [2010.12.06 08:10:49 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\Thunderbird [2010.11.13 21:12:10 | 000,000,000 | ---D | M] -- C:\Users\Carsten\AppData\Roaming\XMedia Recode [2011.04.19 14:51:16 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.18 15:29:04 | 000,000,450 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{692325B4-3D4D-48E2-A700-8A0B9715E685}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.15 04:51:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.07.29 23:34:05 | 000,000,000 | -HSD | M] -- C:\Boot [2010.03.03 16:14:48 | 000,000,000 | ---D | M] -- C:\CHAMP [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.02.13 15:27:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.07.16 20:56:07 | 000,000,000 | ---D | M] -- C:\LEXWARE [2010.12.19 16:57:52 | 000,000,000 | ---D | M] -- C:\logs [2010.02.14 01:13:33 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.19 14:59:30 | 000,000,000 | ---D | M] -- C:\Program Files [2010.12.24 14:36:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.02.13 15:27:22 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.19 15:04:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.07.15 04:51:28 | 000,000,000 | R--D | M] -- C:\Users [2011.04.18 15:15:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-19 09:21:48 ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Users\Carsten\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 @Alternate Data Stream - 16 bytes -> C:\Users\Carsten\Downloads:Shareaza.GUID < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.04.2011 15:02:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carsten\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,23 Gb Total Space | 45,23 Gb Free Space | 60,93% Space Free | Partition Type: NTFS
Drive D: | 74,82 Gb Total Space | 21,39 Gb Free Space | 28,59% Space Free | Partition Type: NTFS
Drive E: | 74,58 Gb Total Space | 48,66 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive F: | 74,47 Gb Total Space | 74,38 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: Carsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DF7010A-5A93-40EC-AC2F-E5A689A95D5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A88DA12-7675-4531-BDB3-CB00BC450B28}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E71C421-EF83-4EC6-9220-6614AFE27587}" = rport=138 | protocol=17 | dir=out | app=system |
"{6EBC8F0F-8BEC-4B19-BE27-42FECB3130DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A574BC5-C269-493C-B06D-1AAE7FC67DA6}" = rport=137 | protocol=17 | dir=out | app=system |
"{B87811DA-F250-45FC-894F-A9CE53F6A825}" = lport=138 | protocol=17 | dir=in | app=system |
"{D18D22B5-44B4-4187-9640-05E03D4012DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D509A1D9-D2AD-4465-A811-5D5945C89AE3}" = rport=139 | protocol=6 | dir=out | app=system |
"{EBCCC037-CE96-4965-A9E9-5BB66413CA2D}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB57684C-2C70-4C85-B3ED-C0B250710D9A}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{131374F0-7094-481F-99AA-DD95482507E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{27CF8E99-5DC5-4847-9F42-A226CB750CBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{287B4C99-E14F-4FEE-850B-3851BC098443}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35AA79E0-DA5F-476D-9795-3D1C48F7D385}" = protocol=6 | dir=in | app=c:\program files\lexmark 7600 series\lxdwamon.exe |
"{3B880C29-41A8-4CE3-85A2-887911AA1A84}" = protocol=17 | dir=in | app=c:\program files\grabit\grabit.exe |
"{52B4F851-40BA-4B96-BD4A-E8072B0E480B}" = protocol=17 | dir=in | app=c:\program files\lexmark 7600 series\frun.exe |
"{59DD55D8-83C6-4F0E-A817-11559B15A3CA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe |
"{65170697-3553-40ED-852C-075000736D12}" = protocol=6 | dir=in | app=c:\program files\lexmark 7600 series\frun.exe |
"{80DEE436-0C55-4D38-A951-BFDE3378ECAB}" = protocol=6 | dir=in | app=c:\program files\grabit\grabit.exe |
"{996899A6-9B84-4504-89B4-8D380826A2E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE8E871B-E8E7-4014-ACEB-7F4311E9610F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe |
"{D2AC5D5C-E4C0-4EA1-8E34-7C52DBEF5C9E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe |
"{D4DCD057-38AE-48EF-8127-2A045B7872B2}" = protocol=17 | dir=in | app=c:\program files\lexmark 7600 series\lxdwamon.exe |
"{DD418FF8-38D2-407B-975C-4EA28A0A7AFE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe |
"TCP Query User{2AC91CB1-BFD8-4BFB-B5EB-642419F1B0EB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{372558C3-ED79-403D-BEB4-35BFF7CA7612}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{933CB071-0C19-4FAA-9E07-B81243BE8FA9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{FF216E2D-2D3F-44F9-891E-35E9FFD5D9A4}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{0321CF7A-4933-41E2-8EAE-4DB8BB3D43F2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{0DC8A2F0-F309-48A7-8B97-FC22E956A515}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{368BE4C8-A545-4667-8E40-87E09F85F4BD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BB0EE5BE-41CF-459E-817D-9ABB4D5049A4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8B50F367-2686-4256-BA05-708B299961DF}" = Lexware Elster
"{9324A633-2B64-411F-BD1A-849E6438EC18}" = klickTel Routenplaner Winter 2006
"{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{DA82A3EB-9C78-411D-B389-5323CE29BA88}" = Lexware buchhalter 2003
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF1B3317-EADD-4AC3-BE54-37265FC9A133}" = Lexware buchhalter Servicepack 2008, Version 13.50
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"EasyBCD" = EasyBCD 1.7.2
"ElsterFormular 11.4.1.4323" = ElsterFormular
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HaufeReader" = HaufeReader
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KHB_BH_M" = Lexware know how buchhaltung mini
"Lexmark 7600 Series" = Lexmark 7600 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.10
"XMedia Recode" = XMedia Recode 2.2.8.4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.04.2011 15:59:27 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.04.2011 15:59:27 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.04.2011 16:00:41 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.04.2011 16:00:41 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.04.2011 21:18:14 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.04.2011 21:18:14 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.04.2011 05:16:26 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.04.2011 05:16:26 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.04.2011 08:52:30 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.04.2011 08:52:30 | Computer Name = Dell | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 11.08.2010 10:30:50 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 12.08.2010 21:20:04 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 13.08.2010 10:38:27 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 13.08.2010 10:46:23 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 14.08.2010 10:28:45 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 15.08.2010 14:23:12 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 17.08.2010 01:22:50 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2010 03:22:53 | Computer Name = Dell | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 22.08.2010 14:26:43 | Computer Name = Dell | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.08.2010 um 20:24:52 unerwartet heruntergefahren.
Error - 22.08.2010 14:28:21 | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-19 16:20:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9160821AS rev.3.CDE
Running: g2m3e4r.exe; Driver: C:\Users\Carsten\AppData\Local\Temp\pxldapod.sys
---- System - GMER 1.0.15 ----
INT 0x52 ? 85CD6F00
INT 0x62 ? 85CD6F00
INT 0x62 ? 85CD6F00
INT 0x62 ? 85CD6F00
INT 0x72 ? 85CD6F00
INT 0x72 ? 85CD6F00
INT 0x72 ? 85CD6F00
INT 0x72 ? 85CD6F00
INT 0x92 ? 84487BF8
INT 0xB2 ? 84487BF8
INT 0xB2 ? 84487BF8
INT 0xB2 ? 84487BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spum.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 881D441B 5 Bytes JMP 85CD64E0
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!LdrLoadDll 77A393A8 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E1A1F8
Device \Driver\volmgr \Device\VolMgrControl 844891F8
Device \Driver\usbuhci \Device\USBPDO-0 85D011F8
Device \Driver\usbuhci \Device\USBPDO-1 85D011F8
Device \Driver\usbehci \Device\USBPDO-2 85CA41F8
Device \Driver\usbuhci \Device\USBPDO-3 85D011F8
Device \Driver\netbt \Device\NetBT_Tcpip_{172F17B8-BDA7-467B-91E7-3F57134886A7} 873DA500
Device \Driver\usbuhci \Device\USBPDO-4 85D011F8
Device \Driver\usbuhci \Device\USBPDO-5 85D011F8
Device \Driver\usbehci \Device\USBPDO-6 85CA41F8
Device \Driver\volmgr \Device\HarddiskVolume1 844891F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume2 844891F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\cdrom \Device\CdRom0 85DE81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E181F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84E181F8
Device \Driver\atapi \Device\Ide\IdePort0 84E181F8
Device \Driver\atapi \Device\Ide\IdePort1 84E181F8
Device \Driver\atapi \Device\Ide\IdePort2 84E181F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E191F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84E181F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 84E191F8
Device \Driver\volmgr \Device\HarddiskVolume3 844891F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume4 844891F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\netbt \Device\NetBt_Wins_Export 873DA500
Device \Driver\Smb \Device\NetbiosSmb 873C61F8
Device \Driver\netbt \Device\NetBT_Tcpip_{694715B8-88F3-4488-807E-6BD8ACED2B03} 873DA500
Device \Driver\iScsiPrt \Device\RaidPort0 85E0B1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{BFEF0390-4D4F-486A-BF07-063D753059C5} 873DA500
Device \Driver\usbuhci \Device\USBFDO-0 85D011F8
Device \Driver\usbuhci \Device\USBFDO-1 85D011F8
Device \Driver\usbehci \Device\USBFDO-2 85CA41F8
Device \Driver\usbuhci \Device\USBFDO-3 85D011F8
Device \Driver\usbuhci \Device\USBFDO-4 85D011F8
Device \Driver\usbuhci \Device\USBFDO-5 85D011F8
Device \Driver\usbehci \Device\USBFDO-6 85CA41F8
Device \FileSystem\cdfs \Cdfs A20971F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cdc7873
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cdc7873 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Geändert von casi1a (19.04.2011 um 16:32 Uhr) |
| Themen zu Bundespolizei-Trojaner. Ist er weg ? |
| alternate, antivir, any video converter, audiograbber, autorun, avgntflt.sys, avira, bho, bundespolizei-trojaner, converter, defender, desktop.ini, error, festplatte, firefox, flash player, format, frage, gruppe, home, homepage, install.exe, jdownloader, keine programme, location, mozilla, mozilla thunderbird, ntdll.dll, nvlddmkm.sys, oldtimer, plug-in, port, registry, rundll, saver, scan, searchplugins, security, shell32.dll, software, sptd.sys, start menu, super, tcp, udp, usb, usbport.sys, video converter, vista, winload toolbar, xperia |
Baum-Darstellung