|
TR/Spy.23040.88 in Factura74.zip TR/Spy.15360.103 in system.exe usw. Hallo werte Forumsgemeinschaft^^ mein Firefox Browser bleibt alle paar minuten kurz hängen deshalb habei ich jetzt einmal AntiVir ausgeführt Und siehe da AntiVir hat mir jetzt 4 Funde mitgeteilt und wartet darauf das ich sie in Quarantäne verschiebe oder abbreche Soll ich die Funde wirklich in Quarantäne verschieben? TR/Spy.23040.88 in Factura74.zip TR/Spy.15360.10 in system.exe TR/Dropper.Gen in pic04[1].gif TR/Spy.15360.103 in 3f2[1].jpg Der CC-cleaner war mir zu umfangreich deshalb habe ich ersteinmal den OTL ausgeführt, hoffe es hilft euch Ich bin euch schon jetzt für jeden Rat Dankbar^^ MfG Paul hier die Logfile OTL logfile created on: 13.05.2010 18:09:45 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\###\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free 3,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free Paging file location(s): c:\pagefile.sys 2000 6500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 70,20 Gb Total Space | 51,57 Gb Free Space | 73,46% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ### Current User Name: ### Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\###\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe () ========== Modules (SafeList) ========== MOD - C:\Users\###\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV - (CSC) -- C:\Windows\CSC [2010.03.07 18:03:35 | 000,000,000 | ---D | M] DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (TPM) -- C:\Windows\SysWOW64\tpm.msc () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 62 EE 6D B4 EB CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.19 14:54:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.05 19:28:49 | 000,000,000 | ---D | M] [2010.03.07 18:42:55 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\mozilla\Extensions [2010.03.07 18:42:55 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\zosr889h.default\extensions [2010.04.23 13:37:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.13 21:36:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.13 21:36:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.13 21:36:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.13 21:36:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.13 21:36:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm () O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm () O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.13 18:07:16 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\###\Desktop\OTL.exe [2010.05.13 17:28:17 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Avira [2010.05.13 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Local\Diagnostics [2010.05.07 07:23:33 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.05.07 07:23:32 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.05.07 07:23:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.05.07 07:23:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.05.07 07:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.05.07 07:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.05.07 06:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices [2010.05.07 06:47:23 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe [2010.05.07 06:47:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64 [2010.05.07 06:44:10 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.05.07 06:44:08 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.05.07 06:44:06 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.05.07 06:44:06 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.05.07 06:44:03 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.05.07 06:44:03 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.05.07 06:43:29 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.05.07 06:43:29 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010.05.07 06:43:29 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.05.07 06:43:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.05.07 06:43:28 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.05.07 06:43:28 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.05.07 06:43:28 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.05.07 06:43:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.05.07 06:43:11 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.05.07 06:43:11 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys [2010.05.07 06:42:54 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.05.07 06:42:54 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.05.07 06:42:54 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.05.07 06:42:49 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.05.07 06:42:48 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.05.07 06:42:48 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.05.07 06:42:43 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.05.07 06:42:43 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.05.07 06:42:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.05.07 06:42:43 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.05.07 06:42:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll [2010.05.07 06:42:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll [2010.05.07 06:42:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll [2010.05.07 06:42:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll [2010.05.07 06:42:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll [2010.05.07 06:42:39 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.05.07 06:42:38 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.05.07 06:42:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.05.07 06:42:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.05.07 06:42:38 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.05.07 06:42:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.05.07 06:42:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.05.07 06:42:33 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.05.07 06:42:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.05.07 06:42:30 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.05.07 06:42:28 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys [2010.05.07 06:42:16 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.05.07 06:42:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.05.07 06:42:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.05.07 06:42:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.05.07 06:42:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.05.07 06:42:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.05.07 06:42:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.05.07 06:42:15 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.05.07 06:42:15 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.05.07 06:42:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.05.07 06:42:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.05.03 00:50:34 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Edvii [2010.04.27 14:35:37 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Ihtyli [2010.04.23 13:49:38 | 000,000,000 | ---D | C] -- C:\Users\r###\AppData\Roaming\skypePM [2010.04.23 13:37:22 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Skype [2010.04.23 13:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.04.23 13:36:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.04.23 13:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.04.17 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\DivX [2010.04.17 16:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.04.17 16:56:05 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.04.17 16:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.04.17 16:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.04.17 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX ========== Files - Modified Within 30 Days ========== [2010.05.13 18:13:53 | 003,407,872 | -HS- | M] () -- C:\Users\###\NTUSER.DAT [2010.05.13 18:07:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\###\Desktop\OTL.exe [2010.05.13 17:23:03 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.13 17:23:03 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.13 17:17:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.13 10:07:32 | 002,739,956 | ---- | M] () -- C:\Users\###\Desktop\Stundenzettel 2010.xlsm [2010.05.13 10:02:59 | 001,962,496 | ---- | M] () -- C:\Users\###\Desktop\tagesnachweis ###.doc [2010.05.13 09:52:41 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.05.13 09:52:41 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.05.13 09:52:41 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.05.13 09:52:41 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.05.13 09:52:41 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.05.12 23:33:02 | 002,235,794 | -H-- | M] () -- C:\Users\###\AppData\Local\IconCache.db [2010.05.11 19:24:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.11 19:24:09 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys [2010.05.11 19:15:37 | 000,009,316 | ---- | M] () -- C:\Users\###\Documents\abschlussprojekt.xlsx [2010.05.08 10:26:20 | 000,007,605 | ---- | M] () -- C:\Users\###\AppData\Local\Resmon.ResmonCfg [2010.05.08 09:32:24 | 002,151,330 | ---- | M] () -- C:\Users\###\Desktop\Handbuch_FRITZBox_Fon_WLAN_7050.pdf [2010.05.07 07:02:40 | 000,339,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.05.05 19:28:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.05.01 19:28:52 | 000,014,534 | ---- | M] () -- C:\Users\###\Documents\Mappe1.xlsx [2010.05.01 19:28:51 | 000,008,793 | ---- | M] () -- C:\Users\###\Documents\Mappe2.xlsx [2010.04.23 20:38:53 | 000,015,336 | ---- | M] () -- C:\Users\###\Desktop\dd.pdf [2010.04.23 13:49:38 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.04.23 13:36:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.22 18:59:51 | 002,732,981 | ---- | M] () -- C:\Users\###\Documents\Stundenzettel 2010.xlsm [2010.04.22 18:58:48 | 000,000,165 | -H-- | M] () -- C:\Users\###\Documents\~$Stundenzettel 2010.xlsm [2010.04.17 16:57:33 | 000,001,573 | ---- | M] () -- C:\Users\###\Desktop\DivX Movies.lnk [2010.04.14 21:35:25 | 000,000,165 | -H-- | M] () -- C:\Users\###\Desktop\~$Stundenzettel 2010 ###.xlsm ========== Files Created - No Company Name ========== [2010.05.13 09:49:19 | 001,962,496 | ---- | C] () -- C:\Users\###\Desktop\tagesnachweis ###.doc [2010.05.11 19:15:31 | 000,009,316 | ---- | C] () -- C:\Users\###\Documents\abschlussprojekt.xlsx [2010.05.08 09:57:16 | 000,007,605 | ---- | C] () -- C:\Users\###\AppData\Local\Resmon.ResmonCfg [2010.05.08 09:32:24 | 002,151,330 | ---- | C] () -- C:\Users\###\Desktop\Handbuch_FRITZBox_Fon_WLAN_7050.pdf [2010.05.05 19:28:52 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.23 20:38:53 | 000,015,336 | ---- | C] () -- C:\Users\###\Desktop\dd.pdf [2010.04.23 13:49:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.23 13:36:47 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.22 18:58:48 | 002,732,981 | ---- | C] () -- C:\Users\###\Documents\Stundenzettel 2010.xlsm [2010.04.22 18:58:48 | 000,000,165 | -H-- | C] () -- C:\Users\###\Documents\~$Stundenzettel 2010.xlsm [2010.04.17 16:57:33 | 000,001,573 | ---- | C] () -- C:\Users\###\Desktop\DivX Movies.lnk [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > OTL Extras logfile created on: 13.05.2010 18:09:46 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\###\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 12,00% Memory free 3,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free Paging file location(s): c:\pagefile.sys 2000 6500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 70,20 Gb Total Space | 51,57 Gb Free Space | 73,46% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ### Current User Name: ### Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta) "{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta) "{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta) "{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta) "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{AB4794A6-40D9-405F-B735-2F619000D20D}" = ThinkVantage Fingerprint Software "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "HDMI" = Intel(R) Graphics Media Accelerator Driver "LENOVO.SMIIF" = Lenovo System Interface Driver "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0 "{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta) "{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta) "{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta) "{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta) "{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta) "{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta) "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta) "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta) "{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta) "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta) "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta) "{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta) "{20140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 (Beta) "{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta) "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta) "{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta) "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta) "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{3B9DC4B3-A06A-46B9-8CCE-CAB0BE913244}" = Win7 RnR Sysprep Patch "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Setup.divx.com" = DivX-Setup "E-PlusOnlineConnect" = E-Plus Online Connect "GetRight_is1" = GetRight "InstallShield_{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0 "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Office14.SingleImage" = Microsoft Office Professional 2010 "Office14.VISIO" = Microsoft Visio 2010 "Samsung ML-2010 Series" = Samsung ML-2010 Series "SecondLifeViewer2" = SecondLifeViewer2 (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.05.2010 15:36:24 | Computer Name = ###| Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 220 Startzeit: 01caec63fa672672 Endzeit: 27569 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 641e4898-587d-11df-abd4-0016d3b99c12 Error - 05.05.2010 18:30:16 | Computer Name = ###| Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. Error - 06.05.2010 17:04:51 | Computer Name = ###| Source = RasClient | ID = 20227 Description = Error - 06.05.2010 17:05:10 | Computer Name = ###| Source = RasClient | ID = 20227 Description = Error - 07.05.2010 01:06:07 | Computer Name = ###| Source = RasClient | ID = 20227 Description = Error - 07.05.2010 03:36:36 | Computer Name = ###| Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. Error - 07.05.2010 14:48:30 | Computer Name = ###| Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea4 Startzeit: 01caeda344e35835 Endzeit: 15952 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 07eea42f-5a09-11df-becf-0016d3b99c12 Error - 08.05.2010 18:46:46 | Computer Name = ###| Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. Error - 11.05.2010 00:50:34 | Computer Name = ###| Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1184 Startzeit: 01caf05d3fa98293 Endzeit: 4749 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 8ce4625b-5cb8-11df-becf-0016d3b99c12 Error - 12.05.2010 14:59:14 | Computer Name = ###| Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. [ Media Center Events ] Error - 30.04.2010 00:17:46 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:17:40 - Fehler beim Herstellen der Internetverbindung. 06:17:41 - Serververbindung konnte nicht hergestellt werden.. Error - 30.04.2010 00:18:10 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:17:52 - Fehler beim Herstellen der Internetverbindung. 06:17:52 - Serververbindung konnte nicht hergestellt werden.. Error - 04.05.2010 00:47:47 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:47:47 - Fehler beim Herstellen der Internetverbindung. 06:47:47 - Serververbindung konnte nicht hergestellt werden.. Error - 04.05.2010 00:47:59 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:47:53 - Fehler beim Herstellen der Internetverbindung. 06:47:53 - Serververbindung konnte nicht hergestellt werden.. Error - 04.05.2010 09:35:18 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 15:35:17 - Fehler beim Herstellen der Internetverbindung. 15:35:17 - Serververbindung konnte nicht hergestellt werden.. Error - 04.05.2010 09:35:30 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 15:35:23 - Fehler beim Herstellen der Internetverbindung. 15:35:23 - Serververbindung konnte nicht hergestellt werden.. Error - 05.05.2010 00:32:44 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:32:43 - Fehler beim Herstellen der Internetverbindung. 06:32:44 - Serververbindung konnte nicht hergestellt werden.. Error - 05.05.2010 00:32:55 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 06:32:49 - Fehler beim Herstellen der Internetverbindung. 06:32:49 - Serververbindung konnte nicht hergestellt werden.. Error - 05.05.2010 10:14:00 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 16:13:59 - Fehler beim Herstellen der Internetverbindung. 16:13:59 - Serververbindung konnte nicht hergestellt werden.. Error - 05.05.2010 10:14:11 | Computer Name = ###| Source = MCUpdate | ID = 0 Description = 16:14:05 - Fehler beim Herstellen der Internetverbindung. 16:14:05 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 12.05.2010 12:52:46 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 12.05.2010 12:52:46 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 12.05.2010 12:52:46 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 12.05.2010 17:12:58 | Computer Name = ###| Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 13.05.2010 02:06:19 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 13.05.2010 07:45:58 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 13.05.2010 09:38:06 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 13.05.2010 09:38:06 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 13.05.2010 09:38:06 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 13.05.2010 09:38:06 | Computer Name = ###| Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. < End of report > Seid mir nicht bös wenn ich in meinem 1. Thema nicht gleich alles richtig gemacht habe. |
Tja Schade naja was solls werdes ichs in anderen Foren probieren müssen MfG Paul meinetwegen schliesst das teil |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 23:35 Uhr. |
Copyright ©2000-2025, Trojaner-Board