shiva2012 | 18.11.2010 06:37 | I finally managed to transfer it:
OTL Logfile: Code:
OTL logfile created on: 11/18/2010 6:01:34 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,023.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 816.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.05 Gb Total Space | 89.04 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/09 19:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/06/02 03:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/10/02 05:26:42 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/02 05:06:56 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/02 04:56:44 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/13 10:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/06 21:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/02/09 01:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 01:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 01:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 01:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/11/11 20:54:00 | 006,188,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 05:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 17:10:48 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/09 00:19:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/03/22 18:00:00 | 002,547,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/02/11 18:00:00 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Fujitsu-Siemens_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
IE - HKU\Fujitsu-Siemens_ON_C\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll File not found
IE - HKU\Fujitsu-Siemens_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\Fujitsu-Siemens_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/02/06 13:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/12 09:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Programme\Logia\eSnipsDownloader\ext [2010/05/02 10:25:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DC930B30-4291-487E-B092-911BE2D5A3D4}: C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\{DC930B30-4291-487E-B092-911BE2D5A3D4} [2010/10/26 09:32:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2010/11/17 13:04:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/11/13 10:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/11/13 10:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/05/06 02:35:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010/05/08 12:58:18 | 000,000,000 | ---D | M]
[2010/11/17 13:08:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/05/30 07:48:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/12/29 13:33:15 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/10/27 00:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 00:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/27 00:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/27 00:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/27 00:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll File not found
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Programme\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKU\Fujitsu-Siemens_ON_C\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Fujitsu-Siemens_ON_C\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [adsifhdsif.exe] C:\adsifhdsif.exe\adsifhdsif.exe File not found
O4 - HKU\.DEFAULT..\Run: [ajndufhiad.exe] C:\ajndufhiad.exe\ajndufhiad.exe File not found
O4 - HKU\.DEFAULT..\Run: [bootstartx.exe] C:\bootstartx.exe\bootstartx.exe File not found
O4 - HKU\.DEFAULT..\Run: [numberfour.exe] C:\numberfour.exe\numberfour.exe File not found
O4 - HKU\.DEFAULT..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe File not found
O4 - HKU\Fujitsu-Siemens_ON_C..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Fujitsu-Siemens_ON_C..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [adsifhdsif.exe] C:\adsifhdsif.exe\adsifhdsif.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [ajndufhiad.exe] C:\ajndufhiad.exe\ajndufhiad.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [bootstartx.exe] C:\bootstartx.exe\bootstartx.exe File not found
O4 - HKU\NetworkService_ON_C..\Run: [ajndufhiad.exe] C:\ajndufhiad.exe\ajndufhiad.exe File not found
O4 - HKU\NetworkService_ON_C..\Run: [bootstartx.exe] C:\bootstartx.exe\bootstartx.exe File not found
O4 - HKU\NetworkService_ON_C..\Run: [numberfour.exe] C:\numberfour.exe\numberfour.exe File not found
O4 - HKU\NetworkService_ON_C..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fujitsu-Siemens_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\usrinit.exe) - C:\WINDOWS\system32\usrinit.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/09 11:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dwwirsvp - (C:\WINDOWS\TEMP\chkddiag.dll) - C:\WINDOWS\TEMP\chkddiag.dll File not found
O36 - AppCertDlls: dwwismui - (C:\WINDOWS\system32\chkddiag.dll) - C:\WINDOWS\System32\chkddiag.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/17 13:06:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\AVG10
[2010/11/17 13:03:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/11/17 13:03:55 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010/11/17 12:48:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\ConduitEngine
[2010/11/17 12:48:35 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2010/11/13 10:24:41 | 008,402,944 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\Firefox Setup 3.6.12.exe
[2010/11/13 10:07:18 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2010/11/13 10:05:51 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2010/11/13 10:05:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2010/11/13 10:05:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2010/11/13 10:05:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2010/11/13 10:05:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2010/11/13 10:05:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2010/11/13 10:05:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010/11/13 10:05:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2010/11/13 10:05:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2010/11/13 10:05:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2010/11/13 10:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/11/13 10:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2010/11/13 10:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2010/11/13 10:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2010/11/05 02:48:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\LocalService\Favoriten
[2010/11/05 02:48:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/11/04 03:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Yqoge
[2010/11/04 03:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Uvusra
[2010/11/01 03:23:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\2010-11 (Nov)
[2010/10/30 02:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\PC Suite
[2010/10/26 09:32:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\{DC930B30-4291-487E-B092-911BE2D5A3D4}
[2010/10/26 01:39:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\2010-10 (Okt)
[2010/10/22 08:11:26 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010/10/22 08:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/10/22 08:11:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/10/22 08:10:59 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/10/19 07:45:41 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2010/10/19 07:15:51 | 000,000,000 | ---D | C] -- C:\Programme\CrystalDiskMark
[2007/08/13 10:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007/01/18 14:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006/12/11 12:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006/12/11 12:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\bass.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/17 23:46:50 | 000,000,289 | ---- | M] () -- C:\Windows Xp (C).lnk
[2010/11/17 23:00:04 | 000,204,016 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/17 22:59:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/17 19:13:15 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FBCB9B3-790C-4E2A-A648-0A0B3423E80E}.job
[2010/11/17 13:56:53 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/11/17 13:56:53 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 13:56:53 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/11/17 13:56:53 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/17 12:34:07 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/16 05:05:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 10:45:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 10:26:58 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/13 10:24:54 | 008,402,944 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\Firefox Setup 3.6.12.exe
[2010/11/12 18:44:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pmikakucur.bin
[2010/11/06 10:16:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mvigoc.dat
[2010/10/29 00:53:36 | 000,001,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\hop008c.htm
[2010/10/22 08:17:10 | 000,002,401 | ---- | M] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/22 08:11:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/17 23:46:50 | 000,000,289 | ---- | C] () -- C:\Windows Xp (C).lnk
[2010/11/13 10:26:58 | 000,001,594 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/29 00:53:36 | 000,001,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Desktop\hop008c.htm
[2010/10/26 09:32:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mvigoc.dat
[2010/10/26 09:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pmikakucur.bin
[2010/10/22 08:11:37 | 000,002,401 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/22 08:11:02 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/25 00:13:39 | 000,067,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010/05/30 08:14:27 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2010/05/08 12:24:16 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010/03/10 03:23:02 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/06 14:08:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Ÿ9Ÿ9
[2008/12/16 13:18:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/12/09 12:13:30 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/09 12:02:24 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/09 12:02:24 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/09 12:02:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/09 12:02:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/09 11:01:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/13 17:10:48 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
[2007/08/13 10:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2006/10/25 18:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006/10/25 18:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006/10/25 18:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006/10/25 18:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2005/08/23 15:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
========== LOP Check ==========
[2010/10/30 02:09:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\PC Suite
[2010/05/30 08:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Acoustica
[2010/11/17 13:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\AVG10
[2010/05/02 14:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Babylon
[2010/10/27 02:23:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Ezodn
[2010/10/11 08:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\FileZilla
[2008/12/29 13:33:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Foxit
[2010/05/02 10:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Logia
[2009/08/12 09:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Nokia
[2009/09/23 11:30:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Notepad++
[2010/10/27 02:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Ofvad
[2008/12/29 12:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\OpenOffice.org
[2009/08/12 09:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\PC Suite
[2010/11/17 14:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\PriceGong
[2009/09/28 13:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Skinux
[2010/05/06 02:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Thunderbird
[2010/11/05 04:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Uvusra
[2010/11/04 05:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fujitsu-Siemens\Anwendungsdaten\Yqoge
[2010/10/14 06:00:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\PriceGong
[2010/11/17 19:13:15 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0FBCB9B3-790C-4E2A-A648-0A0B3423E80E}.job
========== Purity Check ==========
< End of report >
I only removed the lines with OpenOffice text documents (private).
As you can see, I deleted the following directories:
C:\adsifhdsif.exe\
C:\ajndufhiad.exe\
C:\bootstartx.exe\
C:\numberfour.exe\
C:\siodfjisod.exe\
Edit: I found the following link about numberfour.exe: hxxp://www.threatexpert.com/report.aspx?md5=2c524d0b5d3e6fbdd59ddbd3020d393c
It lists registry entries that get created.
Can I get at them with OTLPE and delete them manually? |