
Log Analysis and Evaluation: Trojan after visiting a suspicious website

10.05.2011, 12:46   #16
zn8b3opd6v

Do you mean upgrade McAfee?

10.05.2011, 14:04   #17
markusg
/// Malware-holic

An update; but if there is a newer version, then upgrade. You should always stay on the latest version.
10.05.2011, 15:03   #18
zn8b3opd6v

Thanks. Do you consider McAfee a good solution at all? Or can you recommend something else?

10.05.2011, 15:20   #19
markusg
/// Malware-holic

McAfee is fine.
Once you have scanned I will give you some more tips, because using only an AV scanner is not enough.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

10.05.2011, 16:58   #20
zn8b3opd6v

So, the scan is finally done. Luckily nothing was found. What else should I install?

By the way: I also have a notebook; should I open a separate thread for it? Or just continue here once we are done with the first one?
Thanks for your support so far. zn


10.05.2011, 17:14   #21
markusg
/// Malware-holic

Hi, what about the notebook?

http://www.trojaner-board.de/96344-a...-rechners.html
Work through all!! the tips for XP there.
You can skip the limited user account; it is better to do that on a fresh installation.
Remarks from my side:

As a browser you should use Opera; it is more secure and faster.
If you don't like it, I will adapt my instructions for FF.
To make surfing safer, I would recommend Sandboxie.
Download:
Sandbox settings (as PDF)
Here are a few additional settings; don't let them confuse you, once you have installed the program they will make sense.
Please restrict direct file access to Opera,
under
Internet access:
opera.exe
Then open Sandboxie, click Sandbox in the menu at the top, select your sandbox and then click Sandbox Settings.
There go to Applications, Web Browser, Other, and allow direct access to Opera bookmarks. Then click Add and OK.
That way you can also save your bookmarks permanently from inside the sandbox.

If you get on well with the program, a licence is recommended.
1. There are a few more functions.
2. After a month a notice appears that the program is freeware, which only disappears after a while; I find that a bit annoying.
3. The licence is valid for life, costs around 30 €, and you can use it on all PCs in your household.

From now on, please click only the Sandboxed Web Browser icon instead of the browser icon.
A sandbox is an environment that works isolated from the system; if a malicious program gets in here, in the best case it does not run, because we have restricted the sandbox, or it runs but does not get out.
I don't know of any malware that can do that at the moment.
To achieve maximum effect, this concept has to be implemented completely.
Several measures work together here.
- Windows updates.
Through automatic Windows updates, security holes through which malicious code can be injected are closed every month.
- Updates with Secunia and FileHippo.
These programs help you keep all the remaining software up to date; here too, holes through which attackers inject malicious code are closed.
We use 2 programs to check for updates in order to definitely cover all of them.
Updates should always be installed immediately.
This takes away a potential attacker's opportunity to inject malicious code.
Of course there are always unknown, or known but not yet closed, holes.
Therefore:
Limited user account: this account is for daily work, the admin account only for installations.
Here programs run with limited rights, which makes it harder for malware to establish itself in the system.
UAC:
UAC gives you control over processes that are about to be started; please read the prompts carefully and, if in doubt, click No.
DEP and SEHOP do this as well.
- Sandboxie is an important component, which I have already covered.
You should not rely on an anti-malware program, at least not as the sole solution.
There are around 50,000 new malware variants every day; no vendor can keep up with that.
But together with the other measures taken it is certainly useful, if it is configured according to the posted instructions and thereby always up to date.
The backup:
You can use this when:
- there is malware on the system
- there are other problems with the PC.
The backup restores the system to a clean state, so run it regularly and you will have no data loss.
If you have questions or problems, or were successful, please let me know.

10.05.2011, 17:26   #22
zn8b3opd6v

Many thanks for the hardening tips. I will need a while to digest and implement all that. Great work from you all!!!

Nothing conspicuous with the notebook, actually. But to be safe I ran GMER over it:

GMER Logfile:
Code:
GMER 1.0.15.14966 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-09 21:22:47
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

?  c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76FA7779-5ADB-45DC-8447-48C9907B375E}\MpKsl7838666f.sys  The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----
         

10.05.2011, 17:45   #23
markusg
/// Malware-holic

Better post OTL logs; GMER only looks for rootkits.

10.05.2011, 18:03   #24
zn8b3opd6v

OTL? What is that?

10.05.2011, 18:04   #25
markusg
/// Malware-holic

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "Scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Paste into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports will be created:
OTL.Txt
Extras.Txt
Post both
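Added example, not code from this thread or from OTL's author: a small Python helper that parses the line formats the OTL report above produces (PRC/SRV/DRV entries, O4 Run keys, O33 MountPoints2 autorun commands and the `[date | size | attrs | C]` file entries) and pulls out what a helper looks at first. The sample lines are a constructed subset copied from the log posted later in this thread.

```python
"""Triage for OTL report lines: added example, not code from the thread or from
OTL's author. Parses the line formats visible in the posted OTL.Txt and pulls
out what a helper checks first."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample lines copied from the OTL log posted in this thread (a constructed subset).
SAMPLE_OTL = r"""
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
SRV - (ACDaemon) --  File not found
SRV - (ndsvc) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
DRV - (MpKsl7838666f) --  File not found
DRV - (NETwLx32)     Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{417cd7fc-6751-11de-a1b7-0013a98fe766}\Shell\EmDesk\command - "" = H:\EmDesk.exe
[2011.04.25 19:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.01.16 17:07:21 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2011.05.10 19:38:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tdo114\Desktop\OTL.exe
"""

# "SRV - (name) [vendor tag] -- <path> (<company>)"  or  "SRV - (name) --  File not found"
SERVICE_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\)\s*.*?\s*-- ?(?P<rest>.+)$")
# "O4 - HKLM..\Run: [name] <path> (<company>)"
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
# "O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>"  (per-volume autorun)
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
# "[date time | size | attrs | C|M] (company) -- path"; the (company) part may be absent
FILE_ENTRY = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$")


def split_company(rest: str) -> tuple[str, str]:
    """Split 'C:\\dir\\file.exe (Vendor)' into (path, vendor); vendor is '' for '()' or '( )'."""
    path, sep, company = rest.rpartition(" (")
    if not sep:
        return rest.strip(), ""
    return path.strip(), company.rstrip(")").strip()


@dataclass
class Triage:
    orphaned: list[tuple[str, str]] = field(default_factory=list)  # SRV/DRV whose file is gone
    no_company: list[str] = field(default_factory=list)           # binaries without vendor info
    autostarts: list[tuple[str, str, str]] = field(default_factory=list)  # O4 Run: name, path, vendor
    media_autorun: list[tuple[str, str]] = field(default_factory=list)    # O33: verb, command


def triage(report: str) -> Triage:
    """Walk an OTL report and collect the entries a helper would look at first."""
    t = Triage()
    for line in report.splitlines():
        line = line.rstrip()
        if m := SERVICE_ENTRY.match(line):
            rest = m["rest"].strip()
            if rest.startswith("File not found"):
                # The registry still registers the service/driver, but the binary is missing.
                t.orphaned.append((m["kind"], m["name"]))
            else:
                path, company = split_company(rest)
                if not company:
                    t.no_company.append(path)
        elif m := RUN_ENTRY.match(line):
            path, company = split_company(m["rest"])
            t.autostarts.append((m["name"], path, company))
            if not company:
                t.no_company.append(path)
        elif m := MOUNTPOINT_CMD.match(line):
            t.media_autorun.append((m["verb"], m["cmd"]))
        elif m := FILE_ENTRY.match(line):
            is_dir = m["attrs"].endswith("D")  # "---D" marks a folder, which carries no version info
            if not is_dir and not (m["company"] or "").strip():
                t.no_company.append(m["path"])
        elif line.startswith("PRC - "):
            path, company = split_company(line[len("PRC - "):])
            if not company:
                t.no_company.append(path)
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_OTL)
    print("Orphaned services/drivers:", result.orphaned)
    print("Removable-media autorun commands:", result.media_autorun)
    print("Autostarts (O4 Run):", result.autostarts)
    print("Binaries without company/version info:", result.no_company)
```

An empty company field only means the file carries no version resource, as OTL's own "No Company Name" section shows; it is a prompt to check the file, not a verdict.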

10.05.2011, 21:20   #26
zn8b3opd6v

Here comes the stuff. Thanks in advance.
OTL Logfile:
Code:
OTL logfile created on: 10.05.2011 21:37:33 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\tdo114\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 122,98 Gb Free Space | 26,40% Space Free | Partition Type: NTFS
 
Computer Name: ONEHEART | User Name: tdo114 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\tdo114\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
PRC - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\tdo114\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) --  File not found
SRV - (ndsvc) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe ( )
SRV - (SR_Watchdog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- c:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- c:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- c:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl7838666f) --  File not found
DRV - (MpKsle7d0f56f) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{132EDCB5-8701-46B1-BB67-6E6C6CCD7A7D}\MpKsle7d0f56f.sys (Microsoft Corporation)
DRV - (ndfs) -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys (MacroData Inc.)
DRV - (NETwLx32)     Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 18:54:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 14:18:46 | 000,000,000 | ---D | M]
 
[2010.07.23 23:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Extensions
[2011.05.10 19:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Firefox\Profiles\bgpwf7j0.default\extensions
[2011.04.03 17:11:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Firefox\Profiles\bgpwf7j0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.10 19:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.28 10:31:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.03 17:33:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2011.02.21 18:31:30 | 000,001,195 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.178.31	clemens-iphone	tdo114s-iPhone 
O1 - Hosts: 192.168.178.23	yuko-wlan	yuko-pc
O1 - Hosts: 192.168.178.22	lexmark	printer et0021b730800d
O1 - Hosts: 192.168.178.28 ET0021B730800D lexmark ET0021B730800D.fritz.box
O1 - Hosts: 10.122.30.150	munich1
O1 - Hosts: 10.122.30.151	munich4
O1 - Hosts: 10.122.30.152	munich8
O1 - Hosts: 10.138.224.231	munich102
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1004..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files\WISO\Steuersoftware 2011\mshaktuell.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-1214440339-839522115-1004\..Trusted Domains: linde.com ([eu.secure] https in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://places.linde.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eu.secure.linde.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (PSLogon.dll) - C:\WINDOWS\System32\PSLogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.17 22:42:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell - "" = AutoRun
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell - "" = AutoRun
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{417cd7fc-6751-11de-a1b7-0013a98fe766}\Shell\AutoRun\command - "" = H:\EmDesk.exe
O33 - MountPoints2\{417cd7fc-6751-11de-a1b7-0013a98fe766}\Shell\EmDesk\command - "" = H:\EmDesk.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 19:38:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tdo114\Desktop\OTL.exe
[2011.04.25 19:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.16 22:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMindMaps
[2011.04.16 22:19:55 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\tdo114\My Documents\My Safe
[2011.01.16 17:07:21 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2011.01.16 17:06:50 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll
[2011.01.16 17:06:49 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll
[2011.01.16 17:06:49 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll
[2011.01.16 17:06:49 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll
[2011.01.16 17:06:49 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll
[2011.01.16 17:06:48 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll
[2011.01.16 17:06:48 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll
[2011.01.16 17:06:48 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll
[2011.01.16 17:06:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll
[2011.01.16 17:06:48 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll
[2011.01.16 17:06:47 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe
[2011.01.16 17:06:47 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll
[2011.01.16 17:06:46 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 19:40:28 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\tdo114\My Documents\Default.rdp
[2011.05.10 19:37:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tdo114\Desktop\OTL.exe
[2011.05.09 21:39:23 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MindManager X5.lnk
[2011.05.09 19:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.05.03 22:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.03 22:07:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.03 21:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.01 18:13:55 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011.05.01 18:07:35 | 000,000,661 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2011.04.25 20:07:58 | 000,000,167 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2011.04.25 19:39:35 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.04.22 10:47:45 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.16 22:40:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMindMaps.lnk
[2011.04.15 19:00:27 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.15 18:52:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.15 18:52:00 | 000,442,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.15 18:52:00 | 000,071,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.16 22:40:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMindMaps.lnk
[2010.10.03 19:10:16 | 000,054,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.06.06 17:57:16 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MindManager.INI
[2010.05.20 17:33:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2010.05.20 17:33:36 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010.03.06 09:12:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.18 21:57:22 | 000,000,661 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2009.12.18 20:02:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.13 16:56:12 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009.05.16 21:02:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009.03.06 17:33:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\epdf0407.dll
[2009.03.06 17:31:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\epdf0406.dll
[2009.02.06 21:50:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\tdo114\Local Settings\Application Data\fusioncache.dat
[2009.01.15 20:04:42 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.01.09 00:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009.01.08 19:24:50 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009.01.08 19:24:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009.01.08 19:24:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009.01.08 19:24:50 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009.01.08 19:24:50 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009.01.08 19:24:50 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009.01.08 19:24:50 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009.01.08 19:24:50 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009.01.08 19:24:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009.01.08 19:24:50 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009.01.08 19:24:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009.01.08 19:24:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009.01.08 19:24:50 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009.01.08 19:24:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009.01.08 19:24:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009.01.08 19:24:50 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009.01.08 19:24:50 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009.01.08 19:24:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009.01.08 19:24:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.12.24 17:25:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.23 21:55:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\PSIDATA.INI
[2008.12.21 13:36:53 | 000,068,946 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2008.12.21 13:36:53 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2008.12.21 11:50:42 | 000,228,216 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstaller_tmccUninstall.exe
[2008.12.20 19:16:26 | 000,017,596 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.12.20 19:16:24 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.12.20 17:27:52 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\tdo114\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.20 17:15:06 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.12.20 10:18:29 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008.12.19 23:35:52 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.12.19 23:35:52 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.12.19 23:34:53 | 000,000,704 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.12.19 23:24:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.12.19 23:24:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.12.19 23:24:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.12.19 23:24:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.12.19 23:24:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.12.19 23:24:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.12.19 23:24:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008.12.19 23:24:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2008.12.19 22:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.12.19 20:57:45 | 000,000,167 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2008.12.19 01:35:45 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2008.12.19 01:35:45 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2008.12.18 00:59:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.12.17 23:50:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.12.17 23:49:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008.12.17 23:28:03 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.17 23:21:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.17 23:20:00 | 000,290,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.12.17 22:43:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.12.17 22:39:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.01.29 17:15:16 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008.01.29 17:15:04 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2007.08.06 13:34:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\bmverify.exe
[2006.10.31 18:37:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006.08.10 16:00:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2006.06.20 10:45:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,442,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,071,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2008.12.21 13:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Birdstep Technology
[2008.12.18 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Protector Suite
[2010.05.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010.02.18 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2010.04.12 21:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010.04.30 18:39:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008.12.20 10:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009.05.30 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEConfiguration1und1
[2011.02.15 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008.12.20 17:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2009.05.16 20:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008.12.20 10:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.07.16 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.06.03 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.10.03 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.21 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010.05.21 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2010.02.18 21:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Buhl Data Service
[2010.05.21 18:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Bytemobile
[2010.04.30 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Canon
[2008.12.25 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\DMCache
[2010.05.21 18:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FRITZ!
[2008.12.19 23:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo
[2011.01.28 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Jumping Bytes
[2011.02.15 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks
[2011.05.01 18:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\KeePass
[2010.11.25 08:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\NetDrive
[2008.12.19 21:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\OfficeUpdate12
[2010.08.01 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Opera
[2010.07.22 22:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Panasonic
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Protector Suite
[2010.05.21 18:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone
[2010.05.22 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone Mobile Connect
[2010.02.11 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Wireshark
[2005.01.05 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Protector Suite
[2011.05.03 22:07:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.10.07 22:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.12.20 00:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010.11.05 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.12.24 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.01.11 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010.05.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010.02.18 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2010.04.12 21:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010.04.30 18:39:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008.12.20 10:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010.05.21 18:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010.07.22 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009.05.30 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEConfiguration1und1
[2008.12.18 01:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011.02.15 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.01.27 20:07:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008.12.20 17:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2008.12.20 03:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009.05.16 20:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011.03.27 17:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.08.01 09:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008.12.19 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008.12.20 10:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.09.13 16:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010.02.22 12:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009.07.16 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.06.03 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2008.12.19 19:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.10.03 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.02.04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010.10.03 16:42:21 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
[2010.11.22 23:30:34 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.0.56\SetupAdmin.exe
[2010.12.19 15:09:31 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.1.4\SetupAdmin.exe
[2011.02.06 12:46:07 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.2.17\SetupAdmin.exe
[2011.03.07 20:32:48 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.0.34\SetupAdmin.exe
[2011.03.21 20:31:09 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.1.1\SetupAdmin.exe
[2011.04.25 19:31:32 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.2.12\SetupAdmin.exe
[2008.11.20 15:06:44 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
 
< %APPDATA%\*. >
[2009.03.07 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Adobe
[2009.01.06 12:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Ahead
[2010.11.05 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Apple Computer
[2010.03.31 21:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\ArcSoft
[2010.02.18 21:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Buhl Data Service
[2010.05.21 18:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Bytemobile
[2010.04.30 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Canon
[2008.12.25 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\DMCache
[2009.08.16 12:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\dvdcss
[2010.05.21 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FLEXnet
[2010.05.21 18:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FRITZ!
[2009.01.11 16:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Help
[2008.12.19 20:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Identities
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Intel
[2008.12.19 23:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo
[2011.01.28 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Jumping Bytes
[2011.02.15 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks
[2011.05.01 18:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\KeePass
[2008.12.19 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Macromedia
[2011.03.08 21:56:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\tdo114\Application Data\Microsoft
[2010.07.23 23:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Mozilla
[2010.11.25 08:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\NetDrive
[2008.12.19 21:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\OfficeUpdate12
[2010.08.01 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Opera
[2010.07.22 22:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Panasonic
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Protector Suite
[2009.03.01 15:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Real
[2009.09.13 17:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Sony Corporation
[2010.02.22 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Sun
[2010.05.21 18:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone
[2010.05.22 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone Mobile Connect
[2010.02.11 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Wireshark
 
< %APPDATA%\*.exe /s >
[2010.06.08 09:24:36 | 000,304,496 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsCacheCleaner.exe
[2010.06.08 09:24:36 | 000,045,168 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Cache Cleaner 6.5.0\uninstall.exe
[2011.01.10 00:05:24 | 000,075,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\64bitProxy.exe
[2010.06.08 09:32:32 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
[2010.06.08 09:32:34 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2010.06.08 09:32:34 | 000,157,040 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\InstallHelper.exe
[2010.06.08 09:32:44 | 000,056,072 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\uninstall.exe
[2010.06.03 01:46:12 | 000,132,464 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\dsmmf.exe
[2010.06.03 01:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010.06.03 01:45:36 | 000,330,088 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010.06.03 01:44:10 | 000,218,232 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010.06.03 01:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\uninstall.exe
[2010.06.03 01:44:06 | 000,062,904 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\dsmmf.exe
[2010.06.03 01:44:04 | 000,042,432 | R--- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
[2010.06.03 01:44:06 | 000,116,080 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
[2011.02.15 18:27:40 | 000,037,464 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2003.02.04 19:20:52 | 000,032,869 | ---- | M] () MD5=CE5E1F8F0E54F7BF3403F2D8FCD696FE -- C:\Program Files\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.12.17 23:18:52 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.12.17 23:18:52 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.12.17 23:18:52 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:4822140BF83F89D8
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >
         
--- --- ---
OTL Logfile:
OTL Extras logfile created on: 10.05.2011 21:37:33 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\tdo114\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 122,98 Gb Free Space | 26,40% Space Free | Partition Type: NTFS
 
Computer Name: ONEHEART | User Name: tdo114 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.cmd [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.txt [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\tdo114\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\tdo114\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:HP AiO Fax Manager
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:Embedded Web Server Link application
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw
"C:\Program Files\1&1\FritzDsl.exe" = C:\Program Files\1&1\FritzDsl.exe:*:Enabled:FritzDsl.exe
"C:\Program Files\1&1\FBOXDIAG.EXE" = C:\Program Files\1&1\FBOXDIAG.EXE:*:Enabled:FBOXDIAG.EXE
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe" = C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe:*:Enabled:NetDrive service -- (MacroData Inc.)
"C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP Server -- ( )
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.31
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B63F6AD-3DBF-4585-A5FC-CB73CE793D53}" = ActivePerl 5.8.0 Build 805
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{901E0411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Japanese User Interface Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90530407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9FC7D8E1-F14F-11D4-943A-00E02950B496}" = Microsoft Office XP Pro Step by Step Interactive
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6978663-024B-40D6-A58E-EFF1A9C07108}" = PureSync
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{c5ae39ac-ff79-47e1-b69c-c05ac7de9cf2}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E06818F4-8543-4FC8-9365-0CFF22BE2608}" = MindManager X5
"{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.48 
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Premium
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Applian FLV Player2.0.23" = Applian FLV Player
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"eMindMaps" = eMindMaps
"FLV Player" = FLV Player 2.0 (build 25)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"KeePass Password Safe_is1" = KeePass Password Safe 1.10
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetDrive" = NetDrive
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"OptionPCCardInstaller_tmcc" = Option PC Cards driver package
"PingPlotter Standard" = PingPlotter Standard 3.20.1s
"ProInst" = Intel PROSet Wireless
"PureSync" = PureSync 2.8.1
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Uninstall_is1" = Uninstall 1.0.0.1
"VuePrint" = VuePrint
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2011 19:39:06 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3968
 
Error - 23.04.2011 15:10:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2032
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2032
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2062
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2062
 
Error - 25.04.2011 06:25:41 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 10.05.2011 13:51:47 | Computer Name = ONEHEART | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 08.05.2011 12:46:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 19433 seconds ago, assumi-->
 
Error - 08.05.2011 12:46:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
Error - 08.05.2011 12:48:36 | Computer Name = ONEHEART | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{4A7AA0D3-E726-4C8F-9475-EA33357AC0C5}.  The
 backup browser is stopping.
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the SR_Service service.
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 70982 seconds ago, assumi-->
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
Error - 09.05.2011 12:42:08 | Computer Name = ONEHEART | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP  Server) for the Network Card with network address 544858770508.  The following
 error  occurred:   %%1223.  Your computer will continue to try and obtain an address 
on its own from  the network address (DHCP) server.
 
Error - 10.05.2011 11:37:56 | Computer Name = ONEHEART | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the SR_Service service.
 
Error - 10.05.2011 11:38:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 68310 seconds ago, assumi-->
 
Error - 10.05.2011 11:38:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
 
< End of report >

Alt 11.05.2011, 10:50   #27
markusg
/// Malware-holic

Apply the tips for XP given here, except for SP3 and IE8.
That makes the laptop a bit more secure too.

Alt 11.05.2011, 12:10   #28
zn8b3opd6v

The guide from yesterday? A thousand thanks! So apparently there is nothing on it either. Regards, zn

Alt 11.05.2011, 12:25   #29
markusg
/// Malware-holic

Nope, it's perfect.
Yes, the guide from yesterday.

Alt 11.05.2011, 12:51   #30
zn8b3opd6v

Thanks!!! You can't do PayPal? (for a small thank-you)
