| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus versteckt Dateien - Windows Recovery WurmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.04.2011, 12:50
| #1 |
 |  Virus versteckt Dateien - Windows Recovery Wurm Hi, ich habe seit gestern leider das gleiche Problem! Hier sind die Logs von OTL: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.04.2011 13:40:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\USER\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 432,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 71,35 Gb Free Space | 47,87% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 80,72 Gb Free Space | 54,16% Space Free | Partition Type: NTFS
Drive K: | 627,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BINS-ATHLON64 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe" = C:\Programme\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe -- (Pinnacle Systems)
"C:\Programme\Pinnacle\MediaCenter\EpgSpoolerSrv.exe" = C:\Programme\Pinnacle\MediaCenter\EpgSpoolerSrv.exe:LocalSubNet:Enabled:EpgSpoolerSrv.exe -- ( )
"C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Enabled:PMC.Service.Main.exe -- (Pinnacle Systems)
"C:\Programme\Pinnacle\MediaCenter\tvtvWizard.exe" = C:\Programme\Pinnacle\MediaCenter\tvtvWizard.exe:LocalSubNet:Enabled:tvtvWizard.exe -- (Pinnacle Systems)
"C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe" = C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- ( )
"C:\Games\Sierra\FEAR\FEAR.exe" = C:\Games\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- ()
"C:\Programme\ICQ\ICQLite\ICQLite.exe" = C:\Programme\ICQ\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Games\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Games\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00EB0426-D2D7-4E92-B6F1-B28983E2BC0B}" = OEL Screensaver Studio
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139D}" = FUSSBALL MANAGER 2005
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{782DCB70-3DF4-4366-00BF-E3767BCD173B}" = UEFA EURO 2004
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7C22BE34-6E56-4169-8DE3-16B2938621E4}" = Application Suite
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Security Suite CBE 09
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9FE3F0EA-3122-47F9-BA98-3132C12D3D33}" = SEGA Rally Revo Demo
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ADBBED4F-720B-460D-AA14-D85EBC4AEF97}" = TextPad
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C64121E9-B741-4177-00BD-7B228D3F6723}" = F1 2002
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E875BE90-42E6-4539-94CC-99922FA5764B}" = pac-it MOS 2003 Test
"{E8FC7C35-F467-453D-9077-246C2178EF77}_is1" = Anstoss action A3 Integration
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"{FA031DA5-05D0-4937-BD2B-DCEC47A2506B}_is1" = ANSTOSS 2007
"{FEBC7B8D-BC69-46F7-A872-7698D03127C8}" = DiRT Demo
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"3D Haus Design Studio_is1" = 3D Haus Design Studio - Standard Edition -
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"aEton CommunicaEor" = aEton CommunicaEor
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnalogX CookieWall" = AnalogX CookieWall
"AnalogX Proxy" = AnalogX Proxy
"AnyDVD" = AnyDVD
"ATITool" = ATITool Overclocking Utility
"AVMWLANCLI" = AVM FRITZ!WLAN
"Back4Win_is1" = Back4Win
"BC2_is1" = Beyond Compare Version 2.5
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Cultures - Die Entdeckung Vinlands" = Cultures - Die Entdeckung Vinlands
"DCXtended .9" = DCXtended .9
"DesertCombat" = DesertCombat 0.7
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.5.0
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Family Fun RC Racers" = Big Fun Funk-Flitzer
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FLV Player" = FLV Player 2.0 (build 25)
"fotokasten Comfort_is1" = fotokasten Comfort
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Google Updater" = Google Updater
"GreenBox_is1" = GreenBox 1.0
"ICQ" = ICQ
"ICQLite" = ICQ 5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9FE3F0EA-3122-47F9-BA98-3132C12D3D33}" = SEGA Rally Revo Demo
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Security Suite CBE 09
"Links 2001 1.0" = Microsoft Links 2001
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Odometer" = Odometer
"PhotoRecord" = Canon PhotoRecord
"Pizza Syndicate" = Pizza Syndicate deinstallieren
"QuickPar" = QuickPar 0.9
"ratDVD" = ratDVD 0.78.1444
"RemoteCapture" = Canon Utilities RemoteCapture 1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.21-2c
"WinRAR archiver" = WinRAR Archivierer
"xp-AntiSpy" = xp-AntiSpy 3.95
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 14:51:56 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 12.04.2011 06:07:08 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 12.04.2011 06:07:08 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 12.04.2011 06:07:08 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 12.04.2011 08:24:52 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 12.04.2011 08:24:52 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 12.04.2011 08:24:52 | Computer Name = BINS-ATHLON64 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.04.2011 04:49:29 | Computer Name = BINS-ATHLON64 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x743b2222.
Error - 23.04.2011 04:49:35 | Computer Name = BINS-ATHLON64 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00043345.
Error - 23.04.2011 05:07:23 | Computer Name = BINS-ATHLON64 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x31344342.
[ System Events ]
Error - 23.04.2011 04:23:51 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 23.04.2011 04:23:55 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7034
Description = Dienst "Symantec Event Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 23.04.2011 04:24:01 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7034
Description = Dienst "MSSQL$PINNACLESYS" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.04.2011 04:24:03 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7034
Description = Dienst "Symantec Network Drivers Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 23.04.2011 04:24:06 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7034
Description = Dienst "Symantec Settings Manager" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 23.04.2011 04:45:13 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 23.04.2011 04:46:47 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Pinnacle Systems Media Service" wurde nicht ordnungsgemäß
gestartet.
Error - 23.04.2011 04:58:47 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 23.04.2011 05:00:21 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Pinnacle Systems Media Service" wurde nicht ordnungsgemäß
gestartet.
Error - 23.04.2011 07:35:58 | Computer Name = BINS-ATHLON64 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.04.2011 13:40:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\USER\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 432,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 71,35 Gb Free Space | 47,87% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 80,72 Gb Free Space | 54,16% Space Free | Partition Type: NTFS
Drive K: | 627,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BINS-ATHLON64 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\USER\Eigene Dateien\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programme\Norton\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - c:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\USER\Eigene Dateien\Downloads\OTL (1).exe (OldTimer Tools)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2527_x-ww_aa415c8a\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (Norton Ghost) -- C:\Programme\Norton\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (PinnacleSys.MediaServer) -- c:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (EPSONStatusAgent2) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)
========== Driver Services (SafeList) ==========
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ids-diskless\20061113.031\SymIDSCo.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SymSnap) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (V2IMount) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vax347b) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( )
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvcchflt) -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\Changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( )
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.6
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.1
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2010.03.03 10:26:50 | 000,000,000 | ---D | M]
[2009.03.29 16:05:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions
[2009.03.29 16:05:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
O1 HOSTS File: ([2009.01.22 19:26:28 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Odometer.lnk = C:\Programme\Odometer\Odometer.exe (Introspect Software)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\CookieWall.lnk = C:\Programme\AnalogX\CookieWall\cookie.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\USER\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\USER\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} hxxp://s1.teamlearn.de/qp2.cab (QuickPlace Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279637737812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279637718640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.28 14:48:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.03.05 14:43:04 | 000,000,000 | -H-D | M] - D:\Autos -- [ NTFS ]
O32 - AutoRun File - [2003.07.05 23:33:08 | 000,892,975 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.07.14 21:52:34 | 000,000,091 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7d6c6d24-1c6a-11de-b7fd-001f3f005b34}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.23 13:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\Downloads
[2011.04.23 11:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Malwarebytes
[2011.04.23 11:12:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.23 11:12:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.23 11:12:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.23 11:12:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.23 11:12:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.23 10:19:03 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\USER\Recent
[2011.04.22 21:09:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.04.22 21:08:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.12 23:42:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2011.03.27 21:36:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Google Chrome
[2008.03.12 17:34:45 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\pcouffin.sys
[2006.10.05 17:40:04 | 001,772,544 | ---- | C] (CommunicaEtor) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Updater.exe
[2006.10.05 17:40:03 | 005,511,168 | ---- | C] (aEton Usenet LTD) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CommunicaEtor.exe
[2005.12.08 22:42:33 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005.12.08 22:42:33 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2004.01.09 15:29:32 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\TAR32.DLL
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.23 13:38:06 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1005UA.job
[2011.04.23 13:35:49 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\System32\CompiledAdapter
[2011.04.23 13:35:11 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.04.23 13:34:53 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 13:34:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.23 13:32:18 | 012,210,720 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011.04.23 13:32:18 | 001,466,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011.04.23 13:32:18 | 000,097,524 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011.04.23 13:32:18 | 000,007,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011.04.23 13:08:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 12:33:01 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011.04.23 11:12:42 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 11:12:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.22 21:09:05 | 000,000,954 | -H-- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Spybot - Search & Destroy.lnk
[2011.04.22 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.04.22 13:04:35 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.04.21 19:29:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.17 21:38:02 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1005Core.job
[2011.04.12 23:43:00 | 000,000,986 | -H-- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Free YouTube Download.lnk
[2011.04.05 19:50:29 | 000,558,802 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.05 19:50:29 | 000,514,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.05 19:50:29 | 000,130,890 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.05 19:50:29 | 000,109,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.27 21:37:05 | 000,002,473 | -H-- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Google Chrome.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.23 11:12:41 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 21:09:05 | 000,000,954 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Spybot - Search & Destroy.lnk
[2011.04.12 23:43:00 | 000,000,986 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Free YouTube Download.lnk
[2011.03.27 21:37:05 | 000,002,473 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Google Chrome.lnk
[2011.03.27 21:33:39 | 000,001,240 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1005UA.job
[2011.03.27 21:33:39 | 000,001,188 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1005Core.job
[2010.09.26 18:34:32 | 000,190,656 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.03.03 10:27:18 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.03.03 10:27:18 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.03.03 10:26:27 | 012,210,720 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.03.03 10:26:27 | 001,466,400 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010.02.02 18:39:00 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\anvkgp.dat
[2010.02.02 18:03:57 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\anvkgp.dat
[2009.08.09 18:12:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.06.12 22:30:12 | 000,000,668 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\vso_ts_preview.xml
[2009.04.30 13:54:14 | 000,026,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.04.27 16:36:02 | 000,314,053 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\libssl32.dll
[2009.04.27 16:35:55 | 000,180,124 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\libpq.dll
[2009.04.27 16:35:51 | 000,331,742 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ssleay32.dll
[2009.04.27 16:35:43 | 001,560,983 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\libeay32.dll
[2009.01.30 14:55:58 | 000,001,451 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\NMM-MetaData.db
[2009.01.13 18:58:33 | 000,162,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall.exe
[2008.12.07 15:22:12 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008.03.12 17:34:45 | 000,087,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\inst.exe
[2008.03.12 17:34:45 | 000,007,887 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\pcouffin.cat
[2008.03.12 17:34:45 | 000,001,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\pcouffin.inf
[2007.12.23 21:58:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.11.11 13:44:49 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007.06.30 13:50:07 | 000,000,106 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007.05.12 23:41:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.01.01 22:37:06 | 000,000,210 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006.12.26 20:05:43 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2006.12.17 01:13:09 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006.08.05 17:59:07 | 000,000,228 | ---- | C] () -- C:\WINDOWS\basscad.ini
[2006.01.29 20:43:31 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006.01.24 14:01:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD321.DLL
[2006.01.22 14:35:15 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.12.29 01:46:58 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2005.12.26 22:34:09 | 000,001,545 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005.12.24 21:52:12 | 000,002,528 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\$_hpcst$.hpc
[2005.12.10 04:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.12.10 04:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.12.09 16:37:39 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2005.12.09 16:19:25 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0669.sys
[2005.12.08 21:03:57 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2005.11.21 21:56:57 | 000,000,272 | ---- | C] () -- C:\WINDOWS\game.ini
[2005.11.06 23:10:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2005.11.06 23:10:21 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2005.11.06 23:10:21 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2005.11.06 23:10:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2005.11.06 23:10:21 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2005.11.06 17:55:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.29 16:55:55 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.10.29 15:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005.10.29 10:42:09 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005.10.29 10:40:25 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2005.10.29 10:40:25 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2005.10.29 10:40:25 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2005.10.29 10:40:25 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2005.10.29 10:40:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2005.10.28 22:59:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.10.28 22:59:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.10.28 22:59:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.10.28 22:59:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.10.28 22:59:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.10.28 22:59:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.10.28 22:50:14 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005.10.28 22:50:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.10.28 22:49:31 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005.10.28 22:48:54 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.10.28 22:37:03 | 000,000,146 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.10.28 22:35:32 | 000,015,360 | -H-- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.10.28 15:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.10.28 15:39:43 | 002,189,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.10.28 14:51:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.10.28 14:50:11 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.10.28 14:46:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.09.20 15:09:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004.09.20 15:09:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2004.09.20 15:09:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004.09.20 15:09:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2004.09.20 15:09:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2004.09.20 15:09:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004.09.20 15:09:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2004.09.20 15:09:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,558,802 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 14:00:00 | 000,514,876 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,130,890 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 14:00:00 | 000,109,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.01.29 18:08:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Lkdlib.dll
[2004.01.29 17:02:48 | 000,001,900 | ---- | C] () -- C:\WINDOWS\System32\grl.dat
[2004.01.09 15:28:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LK_FDEC.dll
[2003.07.30 11:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 10:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.03.26 21:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001.03.09 18:00:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2001.03.09 18:00:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997.06.14 11:11:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >
Schon mal vielen Dank für eure super Hilfe!!!! |
| Themen zu Virus versteckt Dateien - Windows Recovery Wurm |
| 0x00000001, avp.exe, call of duty, canon, compare, eraser, fontcache, google chrome, hilfe!!, location, ntdll.dll, oldtimer, plug-in, safer networking, saver, shell32.dll, sierra, sptd.sys, super, video converter, windows internet |
Baum-Darstellung