| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: stark verseuchtes SystemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.05.2011, 09:02
| #1 |
 |  stark verseuchtes System Hallo Zusammen, ich gehe davon aus, dass das Notebook meiner Freundin extrem verseucht ist und möchte / muss mit eurer Hilfe folgendes versuchen: 1) die wichtigen Daten vom Notebook sichern (Bilder, Urlaubsvideos, Musik also MP3s, WMAs usw) insgesamt ca. 6GB Daten 2) die Kiste platt machen und neu aufsetzen Bin allerdings alles andere als ein Profi auf diesem Gebiet. Zum Problem: Auf der Kiste schlägt kein Virenscanner mehr an (höchstens mal vereinzelt 1 Fund). Es wurden nach und nach verschiedene Testversionen von Scannern getestet, wieder deinstalliert. Ob ich da noch Logs finde oder gar in der Quarantäne fündig werde bezweifle ich stark. Ich habe eine nagelneue externe Festplatte und möchte die privaten Daten darauf sichern, da Brennen auf DVD auch nicht mehr funktioniert. Hab ich die Viren / Trojaner sofort nach dem Einstecken der Externen dann da auch drauf? Ich denke mal schon. Was ist mit den Treibern? Einige davon müssten verseucht sein, da sie zum Teil merkwürdige Eigenschaften (wie z. Bsp. Erstellt in 2011 aber geändert in 2010 oder geändert in den letzten Tagen/Wochen) aufweisen. Ich habe bei Inbetriebnahme des Notebooks recovery cds erstellt (ich denke die heißen so) allerdings, Frau sei Dank....sind die unauffindbar. Würde es funktionieren einen kostenlosen Virenscanner auf der externen Festplatte zu installieren und von dort aus zu scannen? System: HP Pavillion dv 9700 Vista Home 32 bit OEM vorinstalliert -> keine Windows CD P.S Die Maus am Notebook ist eine kabellose USB Maus. Können sich Viren und Trojaner auch dort einnisten? Könnt ihr mir helfen? Bitte um Anleitung und Hilfe. Danke für eure Mühe im Vorraus. Mfg Christian |
|
18.05.2011, 10:38
| #2 |
| /// Malware-holic   | stark verseuchtes System das mit der festplatte funktioniert nicht.
__________________lass uns mal kurz nen blick drauf werfen. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
18.05.2011, 10:48
| #3 |
| | stark verseuchtes System Hier sind die logs der letzten Tage.
__________________Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6580 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 15.05.2011 07:51:16 mbam-log-2011-05-15 (07-51-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 341609 Laufzeit: 1 Stunde(n), 24 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\installer\{cd95f661-a5c4-44f5-a6aa-ecdd91c240b5}\iconcd95f6615.txt (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Micha\downloads\svchostanalyzer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. |
|
18.05.2011, 10:48
| #4 |
| | stark verseuchtes System und OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 15.05.2011 03:06:43 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Micha\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,22 Gb Total Space | 36,17 Gb Free Space | 16,35% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 194,43 Gb Free Space | 83,49% Space Free | Partition Type: NTFS Drive E: | 11,67 Gb Total Space | 2,19 Gb Free Space | 18,81% Space Free | Partition Type: NTFS Computer Name: MORPHEUS | User Name: Micha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Micha\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\Common\FSLAUNCH.EXE (F-Secure Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - c:\Programme\AOL\AOL Toolbar 5.0\AolTbServer.exe (AOL LLC) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Micha\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FSORSPClient) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) ========== Driver Services (SafeList) ========== DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys () DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation) DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vusbbus) -- C:\Windows\System32\drivers\vusbbus.sys (Chingachguk & Denger2k (HL mod)) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\Windows\System32\drivers\w800bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2138814109-2535878887-824852153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-2138814109-2535878887-824852153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2138814109-2535878887-824852153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Micha\AppData\Roaming\5015 [2011.04.12 08:18:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.14 19:53:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.14 19:47:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.13 21:12:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.14 19:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions [2011.05.14 20:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\rlmqeg52.default\extensions [2011.04.16 16:25:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\rlmqeg52.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.16 00:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.15 16:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.10 14:02:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.14 17:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.01.15 16:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.10 14:02:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.14 17:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.12 08:18:40 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MICHA\APPDATA\ROAMING\5015 () (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLMQEG52.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLMQEG52.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.08.23 14:46:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.12 15:10:07 | 000,000,761 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found. O3 - HKU\S-1-5-21-2138814109-2535878887-824852153-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2138814109-2535878887-824852153-1000..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.) O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-2138814109-2535878887-824852153-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1305411794297 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\tkpyxypw\cqhliyyk.exe) - File not found O24 - Desktop WallPaper: C:\Users\Micha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Micha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: fixmmem - (C:\Windows\system32\dvdunfig.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.15 02:54:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.05.15 00:06:18 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8 [2011.05.13 04:10:12 | 000,000,000 | ---D | C] -- C:\Users\Micha\Heruntergelandenes Micha [2011.05.11 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Zitate und Power Points [2011.05.11 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\PeerNetworking [2011.05.03 16:34:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.05.03 16:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2011.05.03 16:33:55 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2011.05.03 16:33:48 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2011.05.03 16:33:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL [2011.05.03 16:33:47 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX [2011.05.03 16:33:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL [2011.05.03 16:33:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2011.05.03 16:33:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2011.05.03 16:33:45 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\FreeFLVConverter [2011.05.03 16:33:45 | 000,000,000 | ---D | C] -- C:\Programme\Free FLV Converter [2011.05.03 00:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.05.03 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.05.03 00:27:45 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2011.04.28 15:22:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.28 15:22:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.28 15:21:53 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.20 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011.04.20 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\HpUpdate [2011.04.20 20:45:07 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2011.04.19 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\f-secure [2011.04.19 12:31:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.04.19 12:28:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.04.19 12:28:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.04.19 12:28:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.04.19 12:28:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.04.19 12:28:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.04.19 12:28:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.04.19 12:28:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.04.19 12:28:24 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.04.19 12:28:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.04.19 12:28:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.04.19 12:28:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.04.19 12:28:03 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.04.19 12:28:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.04.19 12:28:03 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.04.19 12:28:03 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.04.19 12:28:03 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.04.18 21:20:12 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\MigWiz [2011.04.16 08:10:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.16 08:09:29 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.04.16 08:08:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2011.04.16 08:08:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.16 08:08:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.04.16 08:08:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.16 08:07:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.16 08:07:28 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.16 08:07:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.16 08:07:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.16 08:07:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.16 08:07:09 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.04.16 08:06:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.04.16 08:06:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.04.16 08:06:50 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.04.16 08:06:49 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.04.16 08:06:49 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.04.16 08:06:48 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.04.16 08:06:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.04.16 08:06:43 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.04.16 08:06:41 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.04.16 08:06:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.04.16 08:06:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.04.16 08:06:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.04.16 07:50:42 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.04.16 07:50:15 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.16 07:50:14 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.16 07:50:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.16 07:50:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.16 07:50:12 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.16 07:50:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.16 07:50:09 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.16 07:49:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.16 07:49:16 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.04.16 07:48:41 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.04.16 07:48:29 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.04.16 07:48:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.16 07:48:24 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.16 07:48:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.04.16 07:48:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.04.16 07:48:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.04.16 07:48:04 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.04.16 07:48:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.04.16 07:48:01 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.04.16 07:48:01 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.04.16 07:48:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.04.16 07:47:59 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.04.16 07:47:59 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.04.16 07:47:59 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.04.16 07:47:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.04.16 07:47:42 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.04.16 07:47:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.04.16 07:47:33 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.04.16 07:47:31 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.16 07:47:30 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.16 07:47:29 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.16 07:47:29 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.04.16 07:46:42 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.04.16 07:46:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.04.16 07:46:41 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.04.16 07:46:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.04.16 07:46:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.04.16 07:45:07 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2011.04.16 03:01:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.04.16 00:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure Anti-Virus 2011 [2011.04.16 00:39:15 | 000,037,832 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys [2011.04.16 00:39:13 | 000,574,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp50.dll [2011.04.16 00:03:58 | 000,072,840 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys [2011.04.16 00:03:38 | 000,000,000 | ---D | C] -- C:\Programme\F-Secure [2011.04.16 00:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg [2011.04.15 23:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure [2011.04.15 23:42:34 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.12 08:18:41 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Micha\AppData\Roaming\AcroIEHelpe.dll [1 C:\Users\Micha\AppData\Roaming\*.tmp files -> C:\Users\Micha\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.15 02:31:24 | 000,000,182 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.05.15 02:13:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.15 01:14:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.15 01:14:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.14 23:15:45 | 000,080,641 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.14 23:15:31 | 000,080,641 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.14 23:15:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.14 23:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.14 23:14:34 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.05.14 23:08:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.14 20:29:36 | 000,610,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.14 20:29:35 | 000,644,894 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.14 20:29:35 | 000,133,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.14 20:29:35 | 000,110,664 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.14 15:16:45 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI [2011.05.13 20:35:39 | 000,071,168 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.11 16:26:27 | 000,001,356 | ---- | M] () -- C:\Users\Micha\AppData\Local\d3d9caps.dat [2011.05.11 16:05:47 | 000,031,007 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\UserTile.png [2011.05.08 23:42:23 | 191,171,266 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.05.03 16:48:53 | 000,000,706 | ---- | M] () -- C:\Users\Micha\Desktop\Free M4a to MP3 Converter.lnk [2011.05.03 16:48:53 | 000,000,703 | ---- | M] () -- C:\Users\Micha\Desktop\My Music Tools.lnk [2011.05.03 16:33:57 | 000,000,916 | ---- | M] () -- C:\Users\Micha\Desktop\Free FLV Converter.lnk [2011.04.27 18:05:30 | 000,002,379 | ---- | M] () -- C:\Users\Micha\Documents\Skype.lnk [2011.04.17 10:24:49 | 000,388,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.16 00:44:11 | 000,042,664 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys [2011.04.16 00:38:54 | 000,037,832 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys [2011.04.16 00:38:18 | 000,072,840 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys [2011.04.16 00:36:13 | 000,574,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp50.dll [2011.04.15 23:42:48 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Users\Micha\AppData\Roaming\*.tmp files -> C:\Users\Micha\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.11 16:29:53 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2011.05.11 16:05:47 | 000,031,007 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png [2011.05.03 16:33:57 | 000,000,916 | ---- | C] () -- C:\Users\Micha\Desktop\Free FLV Converter.lnk [2011.05.03 16:33:48 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2011.05.03 16:33:47 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2011.05.03 16:33:46 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2011.04.29 19:00:09 | 191,171,266 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.19 12:28:04 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.19 12:28:04 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.19 12:28:04 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.04.16 00:40:15 | 000,042,664 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2011.04.15 23:42:48 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.06 18:49:30 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.07.23 17:00:25 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.23 15:55:58 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.07.23 15:55:58 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.07.23 15:55:58 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.07.23 15:55:58 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2010.01.05 09:18:22 | 000,000,552 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d8caps.dat [2010.01.04 15:04:38 | 000,080,641 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.01.04 15:04:36 | 000,080,641 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.06.06 18:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.06.06 18:53:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.05.29 23:05:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.29 23:04:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.01.05 20:51:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.10.03 20:20:55 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini [2008.03.20 21:25:58 | 000,000,391 | ---- | C] () -- C:\Windows\COVERE~1.INI [2008.02.17 00:43:51 | 000,000,093 | ---- | C] () -- C:\Users\Micha\AppData\Local\fusioncache.dat [2008.02.08 20:17:57 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2008.02.08 19:18:15 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.02.07 22:11:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.02.07 22:11:58 | 000,022,328 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\PnkBstrK.sys [2008.02.07 22:11:32 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.02.07 22:11:30 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008.02.07 22:11:30 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.02.06 23:12:15 | 000,071,168 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.06 16:22:44 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat [2008.02.06 16:14:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.02.03 17:24:56 | 000,001,356 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps.dat [2008.02.03 17:24:55 | 000,027,839 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\nvModes.001 [2008.02.03 16:37:29 | 000,027,839 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\nvModes.dat [2008.02.01 20:22:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.20 05:10:39 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2008.01.20 05:10:39 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2008.01.20 05:10:09 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.01.20 05:02:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.12.24 20:49:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.11.27 08:06:31 | 000,644,894 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.11.27 08:06:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.11.27 08:06:31 | 000,133,572 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.11.27 08:06:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.09.05 13:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,388,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,610,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,110,664 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.02.25 20:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.04.04 08:59:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.04.12 08:18:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\5015 [2011.03.18 00:50:02 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\BitTorrent [2009.04.19 11:46:16 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools [2009.04.19 11:46:16 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite [2009.04.19 11:46:14 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Pro [2011.04.19 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\f-secure [2011.05.03 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreeFLVConverter [2009.10.07 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\GetRightToGo [2011.04.12 08:18:27 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\kock [2011.05.11 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking [2008.10.17 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TeamViewer [2008.02.06 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thunderbird [2010.06.26 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client [2008.02.03 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TuneUp Software [2011.04.12 08:18:31 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\xmldm [2010.01.01 18:16:41 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.05.14 23:08:07 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2008.09.06 00:04:36 | 000,000,000 | ---D | M](C:\Users\Micha\AppData\Roaming\???????sAppData) -- C:\Users\Micha\AppData\Roaming\敎潲䍄敔灭慬整sAppData [2008.09.06 00:04:36 | 000,000,000 | ---D | M](C:\Users\Micha\AppData\Roaming\???????sAppData) -- C:\Users\Micha\AppData\Roaming\敎潲䍄敔灭慬整sAppData (C:\Users\Micha\AppData\Roaming\???????sAppData) -- C:\Users\Micha\AppData\Roaming\敎潲䍄敔灭慬整sAppData ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D06A4C76 < End of report > |
|
18.05.2011, 10:49
| #5 |
| | stark verseuchtes System OTL ExtrasOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.05.2011 03:06:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Micha\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,22 Gb Total Space | 36,17 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 194,43 Gb Free Space | 83,49% Space Free | Partition Type: NTFS
Drive E: | 11,67 Gb Total Space | 2,19 Gb Free Space | 18,81% Space Free | Partition Type: NTFS
Computer Name: MORPHEUS | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2138814109-2535878887-824852153-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95024284-9823-49D4-B4B1-7D666CCEC72D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A8BC985-558C-4E46-AD52-F38848007B17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DEFC274-4A3A-495E-B712-1505A39AA3D2}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C14E873-0187-4DC1-A0A7-3E2822A5A3FA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3C417C28-96B9-4D3C-86C7-1969283726C8}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{70C81172-9879-46AA-BA5E-077D499E9050}" = protocol=6 | dir=in | app=d:\christian\perfect world\perfect world multilanguage service\patcher\patcher.exe |
"{72A44B76-E7EA-4A5E-88C8-3F2E003C38DD}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{75E20AE5-376C-444B-8D1F-960EE93AE1E0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{7AD3A48F-5902-43BF-94E6-BB1512D91A81}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{91B204FE-113D-4564-8389-CB053FD69404}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{97915902-0267-49F9-8D16-1B2AA3DDB48B}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{9AE9C323-16BB-425B-8A75-E6BBA09B7DC0}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{AEBB0968-8DFC-4A3D-8A39-54E055CCDA91}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{CF6C4B40-77B5-4725-9DEB-5CE0CEB02156}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{D7310273-E9FA-4EDF-9BAC-FA461E9E3705}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DA6A5D33-ED78-496A-B5E3-1B77926515E9}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{DB9697FA-65D0-4FB2-A6C7-6AE0A50CA501}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E431BEEA-34F1-499F-89AE-970869ADDBD7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{FA85ECA8-A210-41E6-9BF7-077FEF292BAF}" = protocol=17 | dir=in | app=d:\christian\perfect world\perfect world multilanguage service\patcher\patcher.exe |
"TCP Query User{2F5A0476-B056-4764-A21D-48E81E6FE965}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{757F43BA-347B-41B1-A28A-0748C3097E41}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D75DCC71-9DD9-40D8-96A0-3F8F5CCCF954}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1CEA390A-652A-45BA-88A0-20E0A7CD531D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DD0F8B0D-E42B-4A5C-A648-CE634C04A9F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F92E3BA2-9F61-4012-AAB6-73417D12D476}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0049D352-1D20-4FFB-8EF6-81CFBDF3ADE5}" = Soul of the Ultimate Nation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: The Shadow Odyssey
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AOL Toolbar" = AOL Toolbar 5.0
"CCleaner" = CCleaner
"CCS64 V3.4" = CCS64 V3.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"FreePDF_XP" = FreePDF XP (Remove only)
"F-Secure Product 303" = F-Secure Anti-Virus 2011
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Security Task Manager" = Security Task Manager 1.8c
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2138814109-2535878887-824852153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Media Center Events ]
Error - 06.02.2008 12:59:41 | Computer Name = Morpheus | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 08.02.2008 09:45:22 | Computer Name = Morpheus | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 15.10.2009 15:59:53 | Computer Name = Morpheus | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 19.10.2009 15:34:01 | Computer Name = Morpheus | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ OSession Events ]
Error - 08.08.2008 02:22:24 | Computer Name = Morpheus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 315
seconds with 180 seconds of active time. This session ended with a crash.
Error - 03.05.2011 11:00:36 | Computer Name = Morpheus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 44 seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.05.2011 19:48:01 | Computer Name = Morpheus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2699 seconds with 1620 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 13.05.2011 14:35:47 | Computer Name = Morpheus | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 13.05.2011 14:35:54 | Computer Name = Morpheus | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 13.05.2011 14:35:59 | Computer Name = Morpheus | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 13.05.2011 20:32:36 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 02:18:11 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 08:20:13 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 11:48:44 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 14:23:58 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 17:07:01 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
Error - 14.05.2011 17:14:51 | Computer Name = Morpheus | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
18.05.2011, 10:54
| #6 |
| | stark verseuchtes System ich hab mal nach svchost.exe gesucht und bedauerlicher Weise fündig geworden. Die Datei sollte es doch nur einmal, genau mit dieser Bezeichnung und in system32 geben wenn ich mich nicht irre. Sieht aber leider etwas anders aus. Den Suchlauf habe ich nach ca. 10 min. abgebrochen, da mir das als Ergebnis eigentlich schon gereicht hat.. Siehe Anhang Bitte nochmals um Hilfe. |
Linear-Darstellung
