|
Plötzlich auftauchende tojaner hi leute... ich brauche eure hilfe... bei mir tauchen immer wieder mehrmals trojaner auf...also mehrere hintereinander... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:13:17, on 18.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\IDT\WDM\STacSV.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\AESTFltr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\sttray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.Yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bild.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.Yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HKCU] C:\Programme\spynet\server.exe O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programme\spynet\server.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programme\spynet\server.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Dokumente und Einstellungen\H0PE\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Dokumente und Einstellungen\H0PE\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU) O9 - Extra button: Ruby Fortune Casino - {3B06A759-C8D0-4C13-8346-5394601FE3CF} - C:\Microgaming\Casino\RubyFortune\casinogame.exe (HKCU) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Programme\IDT\WDM\STacSV.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O24 - Desktop Component 0: (no name) - hxxp://de.netlogstatic.com/p/oo/103/456/103456628.jpg |
Hallo und :hallo: bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
|
hey danke arne... ich bin gerade dabei bei malware einen scan zu machen... mach dich gleich auf eine geballte ladung infos bereit^^... |
Malwarebytes' Anti-Malware 1.45 Malwarebytes Datenbank Version: 4006 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 19.04.2010 14:54:48 mbam-log-2010-04-19 (14-54-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 177134 Laufzeit: 2 Stunde(n), 2 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4nnp26v3-5s15-ck67-ko13-m6aw5858v8bj} (Generic.Bot.H) -> No action taken. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Programme\spynet\server.exe (Generic.Bot.H) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\ptu107_tmp.exe (Adware.Casino) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\msgpl_73dd.exe (Adware.Agent) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\MSN.abc (Malware.Trace) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\UuU.uUu (Malware.Trace) -> No action taken. C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Temp\XxX.xXx (Malware.Trace) -> No action taken. OTL logfile created on: 19.04.2010 14:56:12 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\H0PE\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 22,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 24,69 Gb Free Space | 44,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOPE Current User Name: H0PE Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\H0PE\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\sttray.exe (IDT, Inc.) PRC - C:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\H0PE\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.hs () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Aktuelle Nachrichten - Bild.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 05:33:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.03 01:41:37 | 000,000,000 | ---D | M] [2009.03.01 13:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Extensions [2010.04.18 21:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Profiles\tso1idgm.default\extensions [2009.09.17 19:06:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Profiles\tso1idgm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.08 04:52:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Profiles\tso1idgm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.13 17:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Profiles\tso1idgm.default\extensions\moveplayer@movenetworks.com [2009.12.26 19:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Profiles\tso1idgm.default\extensions\npfax@microgaming.co.uk [2010.04.18 21:15:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.21 10:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.15 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [HKCU] C:\Programme\spynet\server.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\H0PE\Startmenü\Programme\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Programme\spynet\server.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Programme\spynet\server.exe () O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 () - hxxp://de.netlogstatic.com/p/oo/103/456/103456628.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2f443363-3fcc-11df-a90f-00234ec248f4}\Shell - "" = AutoRun O33 - MountPoints2\{2f443363-3fcc-11df-a90f-00234ec248f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2f443363-3fcc-11df-a90f-00234ec248f4}\Shell\Open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\server.exe -- File not found O33 - MountPoints2\{58fd4ddc-4310-11df-a91c-00234ec248f4}\Shell - "" = AutoRun O33 - MountPoints2\{58fd4ddc-4310-11df-a91c-00234ec248f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58fd4ddc-4310-11df-a91c-00234ec248f4}\Shell\Open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\server.exe -- File not found O33 - MountPoints2\{93e0c2a0-e1e3-11de-a7dc-00234ec248f4}\Shell - "" = AutoRun O33 - MountPoints2\{93e0c2a0-e1e3-11de-a7dc-00234ec248f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{93e0c2a0-e1e3-11de-a7dc-00234ec248f4}\Shell\Open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\server.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.19 12:50:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\Malwarebytes [2010.04.19 12:50:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.19 12:50:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.19 12:50:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.19 12:50:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.19 12:49:30 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\H0PE\Desktop\OTL.exe [2010.04.12 05:53:17 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.04.12 05:50:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.12 05:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks [2010.04.04 14:39:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared [2010.04.04 14:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS [2010.04.04 14:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0203000.02C [2010.04.04 14:29:57 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.04.04 14:29:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2010.04.04 14:29:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec [2010.04.04 14:29:43 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.04.04 14:29:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller [2010.04.04 11:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010.03.20 18:29:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\WinRAR [2010.01.01 23:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.01.01 23:09:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2009.12.18 00:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2009.12.02 23:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2009.09.20 00:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.09.20 00:05:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2008.11.12 18:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2008.11.12 18:58:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2008.11.12 18:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.19 13:45:07 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\H0PE\NTUSER.DAT [2010.04.19 12:49:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\H0PE\Desktop\OTL.exe [2010.04.19 12:41:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.19 12:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.19 12:41:47 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys [2010.04.18 23:49:16 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\H0PE\ntuser.ini [2010.04.18 21:40:21 | 000,939,473 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\DSC00260.jpg [2010.04.18 01:42:05 | 000,041,828 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\porsche-cayman-s-design.jpg [2010.04.18 00:10:11 | 025,174,272 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\GrupBeydagi-LiveHalay2.mp3 [2010.04.17 23:51:23 | 006,443,136 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\Kool and the Gang - Fresh (Lyrics).mp3 [2010.04.17 19:06:33 | 000,000,611 | ---- | M] () -- C:\WINDOWS\win.ini [2010.04.16 20:03:57 | 000,016,342 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\Bewerbung.odt [2010.04.16 20:03:52 | 000,014,499 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\Lebenslauf.odt [2010.04.16 18:01:20 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for H0PE.job [2010.04.14 22:26:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.14 15:00:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.04.13 14:10:18 | 002,287,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe [2010.04.13 14:10:18 | 000,000,389 | RHS- | M] () -- C:\boot.ini [2010.04.12 06:55:54 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.04.12 05:23:15 | 000,054,785 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd [2010.04.12 05:23:15 | 000,006,112 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2010.04.12 05:22:52 | 005,760,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp [2010.04.12 05:22:36 | 000,000,842 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Startmenü\Programme\Autostart\RocketDock.lnk [2010.04.10 01:17:58 | 000,014,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\photothumb.db [2010.04.10 01:17:56 | 000,007,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\photothumb.db [2010.04.08 17:35:17 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.06 23:57:24 | 000,000,869 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\TeamViewer 5.lnk [2010.04.06 21:30:43 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.04.06 21:30:43 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.04.06 21:30:43 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.04.06 21:30:43 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.04.06 21:30:42 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.04.05 00:15:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\MessengerPlus.ini [2010.04.04 14:29:59 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0203000.02C\isolate.ini [2010.04.03 23:38:10 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\iTunes.lnk [2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.18 21:39:48 | 000,939,473 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\DSC00260.jpg [2010.04.18 01:41:56 | 000,041,828 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\porsche-cayman-s-design.jpg [2010.04.18 00:00:51 | 025,174,272 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\GrupBeydagi-LiveHalay2.mp3 [2010.04.17 23:49:49 | 006,443,136 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Desktop\Kool and the Gang - Fresh (Lyrics).mp3 [2010.04.12 05:23:15 | 000,054,785 | ---- | C] () -- C:\WINDOWS\BricoPackUninst.cmd [2010.04.12 05:23:11 | 000,000,842 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Startmenü\Programme\Autostart\RocketDock.lnk [2010.04.12 05:22:52 | 005,760,054 | ---- | C] () -- C:\WINDOWS\BricoPack Wallpaper.bmp [2010.04.12 05:18:56 | 000,006,112 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2010.04.06 23:57:24 | 000,000,869 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Eigene Dateien\TeamViewer 5.lnk [2010.04.04 14:30:13 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for H0PE.job [2010.04.04 14:29:59 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0203000.02C\isolate.ini [2010.01.03 03:14:10 | 000,002,623 | ---- | C] () -- C:\WINDOWS\System32\ODCB.INI [2010.01.03 02:56:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\Beclickz.dll [2009.12.18 23:39:47 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Anwendungsdaten\setup_ldm.iss [2009.12.08 16:19:59 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.12.08 16:19:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009.12.08 16:19:50 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.12.08 16:19:50 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.12.08 16:19:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.12.08 16:19:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.10.18 02:56:19 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.05 21:16:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.09.26 10:43:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\MessengerPlus.ini [2009.04.30 22:39:36 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.02.12 15:51:26 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\H0PE\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.02.12 15:51:23 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\H0PE\ntuser.dat.LOG [2009.02.12 15:51:23 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\H0PE\ntuser.ini [2009.02.12 15:51:22 | 006,553,600 | -H-- | C] () -- C:\Dokumente und Einstellungen\H0PE\NTUSER.DAT [2009.02.12 15:50:24 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT [2009.02.12 15:50:24 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG [2008.11.12 19:23:06 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.11.12 19:08:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008.07.30 11:55:02 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.06.25 10:14:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF < End of report > OTL Extras logfile created on: 19.04.2010 14:56:12 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Dokumente und Einstellungen\H0PE\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 22,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 24,69 Gb Free Space | 44,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOPE Current User Name: H0PE Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{022C5679-05DD-4902-9F5B-9AE22FA4BB4F}" = HP Mobile Broadband Setup Utility "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{1178CE69-1B1D-4ED2-9E52-3E98A8C99816}" = HP User Guides 0119 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC05AC51-5E65-448C-B555-CF956768B76C}" = High Pulse "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:30 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter "Flatcast_is1" = Flatcast Viewer Plugin 5.0.356 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Sound Recorder_is1" = Free Sound Recorder v8.1.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full) "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NSS" = Norton Security Scan "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "PhotoScape" = PhotoScape "PokerStars" = PokerStars "Recuva" = Recuva "rubyfortune" = Ruby Fortune Casino "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 5" = TeamViewer 5 "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "Veoh Web Player Beta" = Veoh Web Player "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.10.2009 15:52:27 | Computer Name = HOPE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pprekop.exe, Version 4.2.0.172, fehlgeschlagenes Modul ole32.dll, Version 5.1.2600.2182, Fehleradresse 0x10017bed. Error - 30.10.2009 05:13:37 | Computer Name = HOPE | Source = Google Update | ID = 20 Description = Error - 30.10.2009 06:26:20 | Computer Name = HOPE | Source = MsiInstaller | ID = 1013 Description = Produkt: Adobe Reader 9.2 - Deutsch -- Es wird ein Vorgang ausgeführt, der nicht vom Installationsprogramm beendet werden kann. Schließen Sie vor einem erneuten Versuche alle Anwendungen oder starten Sie Ihrem Computer neu. Error - 05.11.2009 09:53:53 | Computer Name = HOPE | Source = MsiInstaller | ID = 11704 Description = Produkt: O&O SafeErase -- Fehler 1704. Eine Installation von Java(TM) 6 Update 17 ist im Augenblick unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie fortfahren können. Möchten Sie diese Änderungen rückgängig machen? Error - 16.11.2009 14:54:26 | Computer Name = HOPE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 21.11.2009 15:32:27 | Computer Name = HOPE | Source = Windows Live Messenger | ID = 1000 Description = Error - 21.11.2009 15:35:32 | Computer Name = HOPE | Source = Windows Live Messenger | ID = 1000 Description = Error - 25.12.2009 14:55:53 | Computer Name = HOPE | Source = Windows Live Messenger | ID = 1000 Description = Error - 21.01.2010 08:56:05 | Computer Name = HOPE | Source = Windows Live Messenger | ID = 1000 Description = Error - 21.01.2010 15:15:01 | Computer Name = HOPE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Für diesen Befehl ist nicht genügend Speicher verfügbar. . [ System Events ] Error - 09.04.2010 08:38:45 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 10.04.2010 18:20:15 | Computer Name = HOPE | Source = BTWUSB | ID = 262187 Description = Error - 11.04.2010 19:25:55 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2010 00:57:43 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 13.04.2010 21:01:57 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.04.2010 10:50:07 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 16.04.2010 10:52:12 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 17.04.2010 18:35:20 | Computer Name = HOPE | Source = DCOM | ID = 10010 Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 18.04.2010 15:38:17 | Computer Name = HOPE | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 18.04.2010 17:28:56 | Computer Name = HOPE | Source = BTWUSB | ID = 262187 Description = < End of report > sooo wie du es haben wolltest...oder^^....hoffe kannst mir helfen... |
Ok. Dann mach jetzt bitte nen Durchgang mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 16:04 Uhr. |
Copyright ©2000-2025, Trojaner-Board