Trojaner-Board - POLIZEI Cyber Crime Investigation Department

Sorry, bin gestern nicht mehr dazugekommen!!

Ich hoffe es hilft was !!

OTL Logfile:

Code:

OTL Extras logfile created on: 05.09.2012 11:43:05 - Run 1

OTL by OldTimer - Version 3.2.61.0     Folder = C:\Dokumente und Einstellungen\Jacky\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,38% Memory free

3,85 Gb Paging File | 2,90 Gb Available in Paging File | 75,32% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 136,04 Gb Free Space | 91,28% Space Free | Partition Type: NTFS

Drive D: | 465,75 Gb Total Space | 5,12 Gb Free Space | 1,10% Space Free | Partition Type: NTFS

 

Computer Name: FIRMA-B1ED317C6 | User Name: Jacky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2000:TCP" = 2000:TCP:*:Enabled:Client

"2001:TCP" = 2001:TCP:*:Enabled:IPRegister

"80:TCP" = 80:TCP:*:Enabled:Web

"5985:TCP" = 5985:TCP:*:Enabled:Windows-Remoteverwaltung 

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\DigiProtect\DigiProtect TV8807 Server\Bdvr.exe" = C:\Programme\DigiProtect\DigiProtect TV8807 Server\Bdvr.exe:*:Enabled:Bdvr -- ()

"C:\Programme\DigiProtect\DigiProtect TV8807 Server\WebServer.exe" = C:\Programme\DigiProtect\DigiProtect TV8807 Server\WebServer.exe:*:Enabled:WebServer -- ()

"C:\Programme\GIGABYTE\GEST\run.exe" = C:\Programme\GIGABYTE\GEST\run.exe:*:Enabled:update -- ()

"C:\Dokumente und Einstellungen\Jacky\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Jacky\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22A647A1-E442-7302-3905-DA8C5FDFCAFB}" = Catalyst Control Center Graphics Previews Common

"{23768150-5EFE-14A4-CECE-914D03FF18B4}" = CCC Help English

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{292899E7-6B8F-8099-0ACD-71D5F448106D}" = ccc-utility

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01

"{41B8A39C-E97D-FDE5-3A4A-8E6FA961E94E}" = ccc-core-static

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1

"{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}" = ETC B07.1219.01

"{9CF7BD9C-6DEC-4526-B619-95ADA23AB6E1}" = DigiProtect TV8807 Server

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS 

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CC4914EF-6618-4949-A1CF-BD4917A00221}" = SYSTEM_INFO B07.1219.01

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software (deu)

"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DealPly" = DealPly

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"TeamViewer 4" = TeamViewer 4

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FoxTab FLV Player" = FoxTab FLV Player

"Spotify" = Spotify

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 30.07.2012 15:04:04 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 30.07.2012 22:04:05 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 31.07.2012 03:04:04 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 31.07.2012 23:04:06 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 01.08.2012 16:04:06 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 01.08.2012 22:04:05 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 02.08.2012 00:04:08 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 02.08.2012 06:04:04 | Computer Name = FIRMA-B1ED317C6 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000113c0.

 

Error - 13.08.2012 02:02:17 | Computer Name = FIRMA-B1ED317C6 | Source = ESENT | ID = 490

Description = svchost (1180) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

Error - 25.08.2012 02:02:19 | Computer Name = FIRMA-B1ED317C6 | Source = ESENT | ID = 490

Description = svchost (1176) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 03.09.2012 05:09:52 | Computer Name = FIRMA-B1ED317C6 | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 03.09.2012 05:10:37 | Computer Name = FIRMA-B1ED317C6 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avgio  avipbb  Fips  intelppm  ssmdrv

 

Error - 03.09.2012 05:22:05 | Computer Name = FIRMA-B1ED317C6 | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 03.09.2012 05:23:34 | Computer Name = FIRMA-B1ED317C6 | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 05.09.2012 11:43:05 - Run 1

OTL by OldTimer - Version 3.2.61.0     Folder = C:\Dokumente und Einstellungen\Jacky\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,38% Memory free

3,85 Gb Paging File | 2,90 Gb Available in Paging File | 75,32% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 136,04 Gb Free Space | 91,28% Space Free | Partition Type: NTFS

Drive D: | 465,75 Gb Total Space | 5,12 Gb Free Space | 1,10% Space Free | Partition Type: NTFS

 

Computer Name: FIRMA-B1ED317C6 | User Name: Jacky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Jacky\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\GIGABYTE\GEST\GSvr.exe ()

PRC - C:\Programme\DigiProtect\DigiProtect TV8807 Server\Bdvr.exe ()

PRC - C:\Programme\DigiProtect\DigiProtect TV8807 Server\WebServer.exe ()

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()

MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\GIGABYTE\GEST\GSvr.exe ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFBackup.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFComm.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFCSearch.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\BOption.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFSub2.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\BSearch.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFCtl32.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\BSub.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFCSub.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\KRunDll.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFCOMPJ.DLL ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\KSv.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\Bdvr.exe ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFMSG.DLL ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\WebServer.exe ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\Newpasswd.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\SMTP.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\IPRegister.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\dview.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DFBACK.DLL ()

MOD - C:\WINDOWS\system32\tsd32.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\MViaDecoder.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\MviaEncoder.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\MViaEncOld.dll ()

MOD - C:\Programme\DigiProtect\DigiProtect TV8807 Server\DetectWM.dll ()

MOD - C:\WINDOWS\system32\Accugnt5.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TeamViewer4) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (GEST Service) -- C:\Programme\GIGABYTE\GEST\GSvr.exe ()

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)

DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)

DRV - (NanoBt) -- C:\WINDOWS\system32\drivers\NanoBt.sys (Nano sw.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=b86fc639000000000000001fd05a789c

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\..\SearchScopes\{8348A564-392A-4C8D-A8E7-E94A3CEB3305}: "URL" = hxxp://www.google.at/#hl=de&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=5338843fe4b88395

IE - HKU\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

 

[2012.09.03 16:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.03 12:16:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2012.05.03 12:15:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.06 13:34:42 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [GEST] C:\Programme\GIGABYTE\GEST\run.exe ()

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DigiProtect TV8807 Server.lnk = C:\Programme\DigiProtect\DigiProtect TV8807 Server\Bdvr.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\Jacky\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285687037437 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4127385-946C-4B4A-8357-2F4D1D361017}: NameServer = 195.58.160.194,195.58.161.122

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.28 12:38:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.05 11:39:58 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jacky\Desktop\OTL.exe

[2012.09.03 16:34:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jacky\Eigene Dateien\Downloads

[2012.09.03 11:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012.09.03 11:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jacky\Anwendungsdaten\Malwarebytes

[2012.09.03 11:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.09.03 11:12:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.09.03 11:12:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.09.03 11:12:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.09.03 11:09:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2012.09.01 06:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.05 11:49:14 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys

[2012.09.05 11:40:01 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jacky\Desktop\OTL.exe

[2012.09.05 11:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.05 08:02:41 | 000,000,008 | ---- | M] () -- C:\Dfeventchk

[2012.09.05 08:02:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.05 08:01:43 | 000,680,960 | ---- | M] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\KM4.dll

[2012.09.05 08:01:43 | 000,238,675 | --S- | M] (Digi-Flower Corporation) -- C:\WINDOWS\System32\DFM.DLL

[2012.09.05 08:01:43 | 000,221,215 | ---- | M] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divxdec.ax

[2012.09.05 08:01:43 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\KMSYUV.DLL

[2012.09.05 08:01:43 | 000,000,127 | ---- | M] () -- C:\dvrwindow.bin

[2012.09.05 08:01:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.03 11:44:32 | 000,000,180 | ---- | M] () -- C:\dfmanager

[2012.09.03 11:21:05 | 000,000,196 | -HS- | M] () -- C:\boot.ini

[2012.09.03 11:12:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.03 11:07:44 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad

[2012.09.01 07:46:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.08.15 20:04:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.08.15 20:04:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.03 11:12:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.01 07:46:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.09.01 06:36:37 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad

[2012.05.03 11:53:34 | 000,134,904 | ---- | C] () -- C:\WINDOWS\HPHins12.dat

[2012.05.03 11:53:34 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat

[2012.05.03 11:53:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2011.07.20 12:04:04 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.30 07:59:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.09.28 16:56:32 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\CABARC.EXE

[2010.09.28 16:54:57 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\Accugnt5.dll

[2010.09.28 16:33:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010.09.28 16:33:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010.09.28 16:33:12 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe

[2010.09.28 16:33:12 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010.09.28 16:33:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

[2010.09.28 16:33:12 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010.09.28 16:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010.09.28 13:28:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.09.28 13:27:26 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.09.28 12:39:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.09.28 12:35:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 

< End of report >

--- --- ---

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8348A564-392A-4C8D-A8E7-E94A3CEB3305}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8348A564-392A-4C8D-A8E7-E94A3CEB3305}\ not found.
HKU\S-1-5-21-1957994488-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup not found.
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET90.tmp deleted successfully.
C:\WINDOWS\System32\SET91.tmp deleted successfully.
C:\WINDOWS\System32\SET92.tmp deleted successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Jacky\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Jacky\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Jacky\Startmenü\Programme\Autostart\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Dokumente und Einstellungen\Jacky\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Jacky\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jacky
->Temp folder emptied: 350199221 bytes
->Temporary Internet Files folder emptied: 268701348 bytes
->Java cache emptied: 47485 bytes
->Flash cache emptied: 27508 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 243200 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 592689 bytes
RecycleBin emptied: 546720 bytes

Total Files Cleaned = 594,00 mb

OTL by OldTimer - Version 3.2.61.0 log created on 09062012_135852

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC0D0.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC14B.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC1F9.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC20F.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC4BA.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temp\~DFC525.tmp not found!
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZZ3TZF1A\ads[5].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZZ3TZF1A\ads[6].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZZ3TZF1A\si[3].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I58PEJHX\si[4].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\B5PVLD78\123386-polizei-cyber-crime-investigation-department[3].html moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\B5PVLD78\ads[3].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\Content.IE5\B5PVLD78\si[1].htm moved successfully.
C:\Dokumente und Einstellungen\Jacky\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...