| |
| |||||||
Log-Analyse und Auswertung: Log auswertung, da verdachtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.05.2011, 18:42
| #1 |
 |  Log auswertung, da verdacht Hey, Aufgrund eines verdachts (Accountklau) würde habe ich den verdacht dass sich was eingeschlichen haben könnte. Hier die Logs Code:
ATTFilter OTL logfile created on: 04.05.2011 19:18:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 367,18 Gb Free Space | 78,84% Space Free | Partition Type: NTFS Drive D: | 27,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MAJEDSZIMMER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) PRC - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (Futuremark SystemInfo Service) -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) ========== Driver Services (SafeList) ========== DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (ATI Technologies, Inc.) DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (se59obex) -- C:\WINDOWS\system32\drivers\se59obex.sys (MCCI) DRV - (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se59mgmt.sys (MCCI) DRV - (se59mdm) -- C:\WINDOWS\system32\drivers\se59mdm.sys (MCCI) DRV - (se59mdfl) -- C:\WINDOWS\system32\drivers\se59mdfl.sys (MCCI) DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\WINDOWS\system32\drivers\se59bus.sys (MCCI) DRV - (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) -- C:\WINDOWS\system32\drivers\se59nd5.sys (MCCI) DRV - (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) -- C:\WINDOWS\system32\drivers\se59unic.sys (MCCI) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.30 11:59:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 11:59:45 | 000,000,000 | ---D | M] [2011.01.22 17:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.05.04 18:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\extensions [2011.02.05 13:35:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.12 20:12:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.05 21:56:24 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2011.02.15 22:03:58 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\extensions\vshare@toolbar [2011.05.04 18:56:37 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\810pskds.default\searchplugins\icqplugin.xml [2011.05.03 19:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.22 17:51:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.06 13:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.06 16:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO File not found (No name found) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011.01.22 17:51:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [MessengerPlusLiveUninstall] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\MsgPlusUninstall.exe (Yuna Software) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.22 17:26:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.01.12 10:39:42 | 000,000,437 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.01.12 10:39:40 | 000,000,012 | R--- | M] () - D:\autorun.tag -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.04 19:16:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.04 19:06:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2011.05.04 18:53:01 | 000,000,000 | ---D | C] -- C:\0f9349b98a6f18fc012d90c0d7fe275c [2011.05.04 18:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011.05.04 18:51:53 | 000,000,000 | ---D | C] -- C:\88d8b690b39a5eec20 [2011.05.01 13:52:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2011.05.01 01:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX [2011.05.01 01:01:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2011.05.01 01:01:32 | 000,000,000 | ---D | C] -- C:\Programme\Google [2011.05.01 01:01:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google [2011.05.01 01:01:24 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.05.01 01:00:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2011.04.17 14:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\NFS SHIFT [2011.04.17 14:10:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts [2011.04.17 14:06:44 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts [2011.04.17 13:58:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NVIDIA Corporation [2011.04.17 13:58:02 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies [2011.04.17 13:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA [2011.04.16 11:43:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Videos [2011.04.16 11:43:13 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2011.04.16 11:43:00 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2 [2011.04.16 11:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2011.04.16 11:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage [2011.04.15 19:22:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2011.04.15 19:22:15 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.15 19:22:13 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.10 15:54:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2011.04.10 15:54:22 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3 [2011.04.10 15:53:49 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3 [2011.04.10 15:52:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\OpenOffice.org 3.3 (de) Installation Files [2011.04.06 22:08:59 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software [2011.01.22 17:35:23 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll [2011.01.22 17:35:23 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.04 19:16:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.04 19:00:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2011.05.04 18:56:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2011.05.04 18:46:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.03 19:36:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.01 01:03:45 | 000,001,484 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DivX Movies.lnk [2011.04.30 17:59:21 | 000,032,368 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\achraf.odt [2011.04.30 16:09:25 | 000,148,992 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.20 13:02:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.04.17 14:10:36 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Need for Speed™ SHIFT.lnk [2011.04.16 11:43:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2011.04.16 11:43:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2011.04.16 11:42:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011.04.15 19:22:46 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.04.15 14:39:02 | 000,000,865 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2011.04.11 21:39:32 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.10 15:55:11 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk [2011.04.10 15:54:23 | 000,000,861 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.3.lnk [2011.04.10 15:53:27 | 000,516,590 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.10 15:53:27 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.10 15:53:27 | 000,100,494 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.10 15:53:27 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.01 01:03:45 | 000,001,484 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DivX Movies.lnk [2011.04.30 17:59:21 | 000,032,368 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\achraf.odt [2011.04.17 14:10:36 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Need for Speed™ SHIFT.lnk [2011.04.16 12:11:07 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.16 11:42:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011.04.15 19:22:46 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.04.15 14:39:02 | 000,000,865 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2011.04.10 15:55:11 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk [2011.04.10 15:54:23 | 000,000,861 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.3.lnk [2011.03.26 19:04:37 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2011.03.26 19:04:37 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2011.03.25 17:41:16 | 000,000,976 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini [2011.02.06 18:32:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2011.01.26 15:06:23 | 000,013,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.24 21:20:31 | 000,193,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.01.24 18:51:34 | 000,148,992 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.22 17:47:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.01.22 17:42:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.01.22 17:42:18 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.01.22 17:42:18 | 000,224,342 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.01.22 17:42:18 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.01.22 17:42:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2011.01.22 17:42:10 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2011.01.22 17:36:27 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.01.22 17:33:38 | 000,045,408 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2011.01.22 17:32:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe [2011.01.22 17:32:36 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.01.22 17:32:31 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2011.01.22 17:32:27 | 000,035,111 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.01.22 17:32:27 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.01.22 17:27:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.01.22 17:23:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.01.22 17:15:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.01.22 17:14:19 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.12.01 19:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 14:00:00 | 000,516,590 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 14:00:00 | 000,493,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 14:00:00 | 000,100,494 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 14:00:00 | 000,083,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003.05.14 15:20:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dll [2002.12.19 16:20:26 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.05.2011 19:18:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 367,18 Gb Free Space | 78,84% Space Free | Partition Type: NTFS
Drive D: | 27,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\mIRC\MIRC.v7.07.Beta.Incl.Keygen.and.Patch-Lz0\Lz0\mirc.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\mIRC\MIRC.v7.07.Beta.Incl.Keygen.and.Patch-Lz0\Lz0\mirc.exe:*:Enabled:mIRC
"C:\Programme\Steamless CounterStrikeSource Pack\hl2.exe" = C:\Programme\Steamless CounterStrikeSource Pack\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\EA Sports\FIFA 11\Game\fifa.exe" = C:\Programme\EA Sports\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts)
"C:\Programme\mIRC\MIRC.v7.07.Beta.Incl.Keygen.and.Patch-Lz0\Lz0\mirc.exe" = C:\Programme\mIRC\MIRC.v7.07.Beta.Incl.Keygen.and.Patch-Lz0\Lz0\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Programme\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe" = C:\Programme\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood -- ()
"C:\Programme\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe" = C:\Programme\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer -- ()
"C:\Programme\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe" = C:\Programme\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update -- ()
"C:\Programme\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe" = C:\Programme\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay -- (Ubisoft Entertainment)
"C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.4\apache\bin\apache.exe" = C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.4\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
"C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.4\mysql\bin\mysqld.exe" = C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.4\mysql\bin\mysqld.exe:*:Enabled:mysqld
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09791F2E-0741-3D25-B2E8-9C760C90E59C}" = CCC Help Portuguese
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EFFACE1-41CC-A3E5-C276-E53A0FB137CF}" = CCC Help Norwegian
"{10488662-3045-B904-65E4-46AEF558B577}" = ATI Problem Report Wizard
"{119BF790-B7A8-1E96-093F-2B5A5C5D5A0A}" = CCC Help English
"{1940E2BF-478C-FD79-CBCF-3171B4A4DA12}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{293C028C-F54A-4E19-EF7B-116263B7E367}" = ATI Catalyst Install Manager
"{29E9096E-519C-00B0-0238-3E46292C855E}" = Catalyst Control Center Graphics Previews Common
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{376AB772-227C-FEB0-4DCE-8FD3A7C50B89}" = CCC Help Turkish
"{395E71B0-C61A-9144-D052-2B8AF71F89D3}" = ATI AVIVO Codecs
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E14C046-F86E-7392-51CB-6C36E12FC790}" = CCC Help Russian
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{450ED731-A1E5-93A2-0CE2-A0700605FDFB}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE0CBC5-A04F-9FBE-D789-0D8EB5F6F581}" = CCC Help Chinese Standard
"{4F177D60-4C31-5657-8FD3-3DD9C36207B8}" = Catalyst Control Center Localization All
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B87449D-B93D-24F7-917C-7EAFFC1E0972}" = CCC Help Japanese
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{68620AD7-0252-7CF7-55EB-2FF226758973}" = CCC Help Swedish
"{688BB5A1-9CCD-1C7F-ECAB-3666F09389EF}" = CCC Help Czech
"{6D95D02E-781A-8B04-3843-6711F8B40BF5}" = CCC Help Spanish
"{700C0416-67EE-D9E2-EA85-9C02C964074C}" = CCC Help Hungarian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{82D8EE4A-030F-E24D-15E2-0EEED09790A6}" = CCC Help French
"{885A2A40-E7B5-25D6-2044-39C80E490035}" = CCC Help Chinese Traditional
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8CFB49BD-E683-DDE6-6A61-6B246E931F52}" = HydraVision
"{8F55DC91-FCE5-976C-B29B-C8963918E42A}" = CCC Help Danish
"{92AA01A5-FEE3-746C-B378-EC67F6ECD6FD}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99788019-0C81-8243-A9A5-E9E1D18250C3}" = CCC Help Italian
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B37DA669-405C-88A8-6DBF-887BF1BD5C2E}" = CCC Help German
"{B9A99760-B76B-4ABF-8BB1-3D461DBBFEBA}" = CCC Help Polish
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C037D08B-4883-491D-9329-DC5ACA90F797}" = Sony Ericsson PC Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8E998E0-2629-A10F-C2E1-84B431969890}" = ccc-core-static
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCC66778-C62B-D147-A3AC-B6E2FAA61715}" = Fragen-Lern-CD 4.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFFB3A06-7537-74CA-6C47-B73FDFAAB8AF}" = CCC Help Thai
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E64AE1E5-A293-5F2B-E990-A0167E2FE275}" = CCC Help Greek
"{EC5DC48E-F1B4-FF3F-2C18-7B79539B6E69}" = ccc-utility
"{EE63A533-9E9C-36C7-452D-AD955F98A8EF}" = CCC Help Korean
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"FIFA 11_is1" = FIFA 11
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mp3tag" = Mp3tag v2.47b
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"TeraCopy_is1" = TeraCopy 2.12
"VLC media player" = VLC media player 1.1.6
"WBFS Manager 3.0" = WBFS Manager 3.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.04.2011 06:26:09 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 7.4.0.4629, fehlgeschlagenes
Modul mcore.dll, Version 7.4.0.4629, Fehleradresse 0x000b771b.
Error - 26.04.2011 17:14:52 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 7.4.0.4629, fehlgeschlagenes
Modul mcore.dll, Version 7.4.0.4629, Fehleradresse 0x000b771b.
Error - 01.05.2011 12:01:59 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 7.4.0.4629, fehlgeschlagenes
Modul mcore.dll, Version 7.4.0.4629, Fehleradresse 0x000b771b.
[ System Events ]
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:16 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:17 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:17 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:34:17 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 30.04.2011 06:56:21 | Computer Name = *** | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.1 mit
dem Computer mit der Netzwerkhardwareadresse 00:30:F1:B9:37:12 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
< End of report >
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6506
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
04.05.2011 19:33:21
mbam-log-2011-05-04 (19-33-21).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151641
Laufzeit: 1 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:40:09, on 04.05.2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Programme\PowerISO\PWRISOVM.EXE C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\OpenOffice.org 3\program\soffice.exe C:\Programme\OpenOffice.org 3\program\soffice.bin C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\ASUS.SYS\config\DVMExportService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOKUME~1\***\LOKALE~1\Temp\MsgPlusUninstall.exe" /Cleanup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ7.4\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- End of file - 6025 bytes |
| Themen zu Log auswertung, da verdacht |
| 0x00000001, 7-zip, alternate, bho, bonjour, error, firefox, flash player, fontcache, format, frage, google, helper, hijack, hijackthis, hkus\s-1-5-18, home, install.exe, installation, ip-adresse, jdownloader, location, logfile, mozilla, mp3, object, oldtimer, plug-in, poweriso, problem, realtek, registry, rundll, scan, searchplugins, security, shell32.dll, shortcut, software, usb, usb 3.0 |
Baum-Darstellung