die.nine | 11.08.2010 21:24 | Windows error message on Internet connection after malware removal. OK, I have the OTL.txt file and am sending it, but where do I find the extra.txt file now?
OTL Logfile:
OTL logfile created on: 11.08.2010 22:16:40 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Nine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 76,70 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 64,67 Gb Free Space | 47,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1010,73 Mb Total Space | 1003,86 Mb Free Space | 99,32% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NINE-PC
Current User Name: Nine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Nine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\CK Popup Killer\PKILL.EXE (CK Software)
========== Modules (SafeList) ==========
MOD - C:\Users\Nine\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Stardock\ObjectDock\DockShellHook.dll ()
========== Win32 Services (SafeList) ==========
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (NBService) -- C:\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.5
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.4
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.4.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Mozilla Firefox\components [2010.08.01 12:00:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Mozilla Firefox\plugins [2010.08.09 23:52:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.22 10:44:12 | 000,000,000 | ---D | M]
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.09 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\postbox@postbox-inc.com
[2010.08.11 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions
[2010.06.01 09:17:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2010.08.08 12:22:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.26 23:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.20 16:21:19 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.08.03 20:52:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.01 09:17:24 | 000,000,000 | ---D | M] (facebookchatbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2010.06.15 17:15:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.04.27 17:44:43 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.07.23 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\fbchathistory@firechm.com
[2010.07.23 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\ffxtlbr@Facemoods.com
[2010.07.23 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\firefox@facebook.com
[2010.04.27 23:04:56 | 000,000,873 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\FireFox\Profiles\cmswdcip.default\searchplugins\conduit.xml
[2010.04.24 10:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
O1 HOSTS File: ([2010.08.11 21:57:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software)
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.08.11 19:13:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Nine\Desktop\OTL.exe
[2010.08.11 18:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.11 18:01:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.11 12:30:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 10:11:43 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\Malwarebytes
[2010.08.11 10:11:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.11 10:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.11 10:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 10:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.11 10:11:14 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nine\Desktop\mbam146-setup.exe
[2010.08.10 20:08:21 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Local\hpinloguv
[2010.08.10 20:08:01 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\A8BC87D2D6485630A6AD8E52F4857C48
[2010.08.08 20:37:06 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.08.08 20:37:06 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Local\Opera
[2010.08.08 20:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.08 20:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.08.08 20:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.08.08 20:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.08.08 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.08.03 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Nine\dwhelper
[2010.07.29 13:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.07.26 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 16:00:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.06.25 03:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.06.07 11:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010.06.07 11:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.05.31 16:48:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010.05.31 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2010.05.28 14:33:20 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2010.05.28 14:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010.05.20 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Nine\.junique
[2010.05.20 16:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VMLoad
[2010.05.20 16:25:36 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2010.05.20 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader
========== Files - Modified Within 90 Days ==========
[2010.08.11 22:17:59 | 000,782,336 | ---- | M] () -- C:\Windows\System32\drivers\ravag.sys
[2010.08.11 22:17:16 | 002,359,296 | -HS- | M] () -- C:\Users\Nine\NTUSER.DAT
[2010.08.11 21:59:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 21:59:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 21:58:59 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 21:58:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 21:58:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 21:58:47 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 21:58:02 | 000,524,288 | -HS- | M] () -- C:\Users\Nine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 21:58:02 | 000,065,536 | -HS- | M] () -- C:\Users\Nine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.11 21:57:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.08.11 21:49:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 21:43:30 | 002,515,612 | -H-- | M] () -- C:\Users\Nine\AppData\Local\IconCache.db
[2010.08.11 21:33:19 | 000,132,597 | ---- | M] () -- C:\Users\Nine\Desktop\Flash_Disinfector.exe
[2010.08.11 21:24:44 | 000,002,419 | ---- | M] () -- C:\Users\Nine\Desktop\Dokument.rtf
[2010.08.11 19:27:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.11 19:27:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.11 19:27:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.11 19:27:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.11 19:27:17 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.11 11:59:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Nine\Desktop\OTL.exe
[2010.08.11 10:11:39 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 10:01:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nine\Desktop\mbam146-setup.exe
[2010.08.11 09:57:22 | 000,363,520 | ---- | M] () -- C:\Users\Nine\Desktop\rkill.com
[2010.08.10 21:30:36 | 000,001,745 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010.08.10 20:08:26 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.10 11:38:33 | 000,801,686 | ---- | M] () -- C:\Users\Nine\Desktop\07_Kawasaki_Z1000_BLU_LE.jpg
[2010.08.09 16:33:07 | 000,045,129 | ---- | M] () -- C:\Users\Nine\Desktop\36798_414188957002_93624892002_5375467_1655063_n.jpg
[2010.08.08 20:25:34 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.07 20:27:08 | 000,880,640 | ---- | M] () -- C:\Users\Nine\fbchathistory.dat
[2010.08.01 16:30:12 | 000,089,600 | ---- | M] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 16:30:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.30 17:27:05 | 049,019,025 | ---- | M] () -- C:\Users\Nine\Desktop\insel Kopie.psd
[2010.07.30 17:25:30 | 022,357,693 | ---- | M] () -- C:\Users\Nine\Desktop\30-san-bals-insel-360 Kopie.psd
[2010.07.30 12:05:20 | 000,115,080 | ---- | M] () -- C:\Users\Nine\Desktop\pp-wilson1.jpg
[2010.07.30 12:01:06 | 000,016,669 | ---- | M] () -- C:\Users\Nine\Desktop\..jpg
[2010.07.30 11:29:01 | 000,208,280 | ---- | M] () -- C:\Users\Nine\Desktop\30-san-bals-insel-360.jpg
[2010.07.30 11:28:47 | 000,165,514 | ---- | M] () -- C:\Users\Nine\Desktop\29-san-blas-insel-333.jpg
[2010.07.30 11:24:02 | 000,549,456 | ---- | M] () -- C:\Users\Nine\Desktop\insel.jpg
[2010.07.29 13:28:25 | 006,284,396 | ---- | M] () -- C:\Users\Nine\Desktop\Bewerbung_j.schlesinger.pdf
[2010.07.23 11:17:05 | 000,000,680 | ---- | M] () -- C:\Users\Nine\AppData\Local\d3d9caps.dat
[2010.06.12 03:23:53 | 002,185,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.01 15:12:41 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2010.05.20 10:10:45 | 000,069,104 | ---- | M] () -- C:\Users\Nine\Documents\passbilder.pdf
========== Files Created - No Company Name ==========
[2010.08.11 21:34:08 | 000,132,597 | ---- | C] () -- C:\Users\Nine\Desktop\Flash_Disinfector.exe
[2010.08.11 18:16:30 | 000,002,419 | ---- | C] () -- C:\Users\Nine\Desktop\Dokument.rtf
[2010.08.11 15:20:23 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.11 10:11:39 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 10:09:55 | 000,363,520 | ---- | C] () -- C:\Users\Nine\Desktop\rkill.com
[2010.08.10 21:30:36 | 000,001,745 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010.08.10 20:08:25 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.10 20:08:21 | 000,782,336 | ---- | C] () -- C:\Windows\System32\drivers\ravag.sys
[2010.08.10 11:38:33 | 000,801,686 | ---- | C] () -- C:\Users\Nine\Desktop\07_Kawasaki_Z1000_BLU_LE.jpg
[2010.08.09 16:33:07 | 000,045,129 | ---- | C] () -- C:\Users\Nine\Desktop\36798_414188957002_93624892002_5375467_1655063_n.jpg
[2010.08.08 20:25:34 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.07.30 17:26:07 | 049,019,025 | ---- | C] () -- C:\Users\Nine\Desktop\insel Kopie.psd
[2010.07.30 17:25:27 | 022,357,693 | ---- | C] () -- C:\Users\Nine\Desktop\30-san-bals-insel-360 Kopie.psd
[2010.07.30 12:05:20 | 000,115,080 | ---- | C] () -- C:\Users\Nine\Desktop\pp-wilson1.jpg
[2010.07.30 12:01:06 | 000,016,669 | ---- | C] () -- C:\Users\Nine\Desktop\..jpg
[2010.07.30 11:29:01 | 000,208,280 | ---- | C] () -- C:\Users\Nine\Desktop\30-san-bals-insel-360.jpg
[2010.07.30 11:28:47 | 000,165,514 | ---- | C] () -- C:\Users\Nine\Desktop\29-san-blas-insel-333.jpg
[2010.07.30 11:24:02 | 000,549,456 | ---- | C] () -- C:\Users\Nine\Desktop\insel.jpg
[2010.07.29 13:21:59 | 006,284,396 | ---- | C] () -- C:\Users\Nine\Desktop\Bewerbung_j.schlesinger.pdf
[2010.06.07 11:07:31 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2010.06.01 15:12:41 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2010.05.20 10:10:45 | 000,069,104 | ---- | C] () -- C:\Users\Nine\Documents\passbilder.pdf
[2010.03.14 13:29:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.01.30 15:56:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.14 20:27:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.14 20:26:12 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.11 12:36:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.10 15:58:30 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2009.12.08 10:08:48 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.12.08 04:23:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.12.07 22:28:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.07 19:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.03.19 01:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL
========== LOP Check ==========
[2010.08.10 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\A8BC87D2D6485630A6AD8E52F4857C48
[2010.02.25 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin
[2010.01.30 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\avidemux
[2010.08.10 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Azureus
[2010.08.11 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox
[2010.07.26 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.08 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Facebook
[2010.07.23 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2010.01.25 11:55:29 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ!
[2010.08.03 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express
[2010.04.23 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\MAXON
[2010.05.12 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org
[2010.08.08 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.02.01 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Passware
[2010.01.09 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Postbox
[2010.02.13 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache
[2010.05.31 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird
[2009.12.07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software
[2010.05.25 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2010.08.11 21:58:04 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.04.16 13:27:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.04.04 21:01:54 | 000,000,019 | ---- | M] () -- C:\CA21.txt
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.03.11 09:16:50 | 000,000,027 | ---- | M] () -- C:\DRIVER.20
[2009.02.24 02:20:26 | 001,048,576 | ---- | M] () -- C:\F50SLAS.BIN
[2010.08.11 21:58:47 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.07 19:21:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.12.07 19:21:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.11 21:58:45 | 3534,049,280 | -HS- | M] () -- C:\pagefile.sys
[2008.09.12 04:01:31 | 000,000,028 | ---- | M] () -- C:\RECOVERY.DAT
[2010.08.11 10:35:05 | 000,000,350 | ---- | M] () -- C:\rkill.log
[2010.08.10 20:08:26 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.02.20 11:22:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.01.21 04:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009.12.10 10:38:54 | 001,924,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player10.0.42.34.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.12.01 09:47:30 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-10 06:55:10
< End of report >
The program eventually ends with the message:
gmer has found system modification caused by rootkit activity Code:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-11 23:42:39
Windows 6.0.6002 Service Pack 2
Running: 9pyrnivh.exe; Driver: C:\Users\Nine\AppData\Local\Temp\kwldqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\ravag.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E404000, 0x23097E, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 868104C0
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] ravag <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\ravag@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ravag@Start 0
Reg HKLM\SYSTEM\ControlSet001\Services\ravag@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\ravag@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\ravag@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ravag@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ravag@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ravag@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\ravag@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\ravag@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\ravag@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ravag@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\ravag@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\ravag@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\ravag@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ravag@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\ravag@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\ravag@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\ravag@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\ravag@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----