Log analysis and evaluation: Caught the BKA virus... OTL log file created with OTLPENet (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.06.2011, 16:38 | #1
Caught the BKA virus... OTL log file created with OTLPENet

Hello, I have caught the BKA virus and can no longer access my system... I have already tried the rescue systems from Avira and Kaspersky, but unfortunately there was nothing to be done. At the moment I can access my system via Knoppix or OTLPENet from CD, but I can't do much there either because I'm not proficient in Linux. Of course I then immediately ran an OTL scan following the instructions, and now I'm turning to you, hopefully, with my log file, in the hope that I won't have to reinstall my system...

Code:
OTL logfile created on: 6/12/2011 6:08:50 PM - Run OTLPE by OldTimer - Version 3.1.46.0   Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 5.40 Gb Free Space | 3.62% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 5.88 Gb Free Space | 3.95% Space Free | Partition Type: NTFS
Drive E: | 136.35 Gb Total Space | 1.70 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 3.52 Gb Free Space | 2.36% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/04 07:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/10/17 18:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/10/14 11:16:56 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/06/03 12:21:28 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/17 19:45:57 | 003,275,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/06 11:36:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 19:57:18 | 000,072,248 | ---- | M] () [Auto] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008/11/11 04:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/01/04 14:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/14 11:52:46 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/10/17 18:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/07/09 08:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/16 02:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/30 21:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/12/07 14:38:23 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/11/11 16:15:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/01 13:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/05 09:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/04/11 01:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/01 20:46:40 | 000,016,440 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/11/03 03:03:27 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/09/15 02:57:32 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008/09/15 02:57:18 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/09/15 02:57:18 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2008/09/15 02:57:18 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/08/21 02:39:13 | 000,017,464 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2008/08/21 00:18:39 | 001,836,800 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/02 01:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/15 21:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/24 01:24:23 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/10/17 00:54:20 | 000,015,872 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System] -- C:\Windows\System32\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2007/08/08 04:31:16 | 000,034,336 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scramby_out.sys -- (scramby_out)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/04/16 15:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/13 13:41:26 | 000,029,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scramby.sys -- (scramby)
DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6B 59 9A 78 F2 CB 01 [binary data]
IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bulli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

[2009/11/10 16:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bulli\AppData\Roaming\Mozilla\Extensions
[2011/06/03 13:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\extensions
[2010/11/04 15:54:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/25 09:14:41 | 000,000,655 | ---- | M] () -- C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\searchplugins\guildwiki-de.xml
[2011/03/24 05:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/18 10:51:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 06:45:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 14:33:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 12:43:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/18 12:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2009/11/15 16:47:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 05:34:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 16:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\Bulli_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files (x86)\P4P\P4P.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\Bulli_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Bulli_ON_C..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\Bulli_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Bulli_ON_C..\Run: [UIWatcher] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Bulli_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Bulli_ON_C Winlogon: Shell - (C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe) - C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe (iu)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/14 10:41:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{144bec39-de93-11de-bb91-002243cc3463}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4fa1649b-8842-11df-af6b-002243cc3463}\Shell\AutoRun\command - "" = J:\pakhet.exe
O33 - MountPoints2\{4fa1649b-8842-11df-af6b-002243cc3463}\Shell\open\Command - "" = J:\pakhet.exe
O33 - MountPoints2\{d8a11cf0-0e8f-11e0-abae-002243cc3463}\Shell\AutoRun\command - "" = J:\Menu.exe
O33 - MountPoints2\{e9ecba20-cfa5-11de-a863-002243cc3463}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ecba20-cfa5-11de-a863-002243cc3463}\Shell\AutoRun\command - "" = I:\Trials_2_Second_Edition_Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 16:50:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/28 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Bulli\AppData\Roaming\go
[2011/05/28 20:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/23 14:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/23 14:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/23 14:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/16 09:10:57 | 000,000,000 | --SD | C] -- C:\Users\Bulli\Documents\Eigene Datenquellen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 09:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/11 20:15:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/11 20:15:13 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/06/11 20:14:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 20:14:53 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/11 20:14:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 20:14:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 08:21:42 | 005,291,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/10 17:16:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/10 16:55:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/10 16:55:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 16:55:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/10 16:55:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/10 16:50:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/10 16:47:06 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/09 15:49:01 | 000,071,168 | ---- | M] () -- C:\Users\Bulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 13:44:40 | 000,000,680 | ---- | M] () -- C:\Users\Bulli\AppData\Local\d3d9caps.dat
[2011/05/28 20:36:52 | 000,001,562 | ---- | M] () -- C:\Users\Bulli\Desktop\Spielen (EasyBits GO).lnk
[2011/05/23 14:05:44 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/23 14:05:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 20:36:52 | 000,001,592 | ---- | C] () -- C:\Users\Bulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011/05/28 20:36:52 | 000,001,562 | ---- | C] () -- C:\Users\Bulli\Desktop\Spielen (EasyBits GO).lnk
[2011/05/23 14:05:44 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/24 12:01:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/12/17 08:41:07 | 000,002,508 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/09/30 18:27:52 | 000,000,680 | ---- | C] () -- C:\Users\Bulli\AppData\Local\d3d9caps.dat
[2010/09/07 16:54:08 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009/12/04 15:11:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 15:11:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/04 15:11:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 12:50:19 | 000,004,096 | -H-- | C] () -- C:\Users\Bulli\AppData\Local\keyfile3.drm
[2009/11/28 19:05:36 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/11/14 12:30:02 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2009/11/14 12:29:54 | 000,000,700 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009/11/14 12:29:05 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2009/11/14 12:29:05 | 000,000,132 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009/11/13 13:08:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 12:56:40 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/13 11:27:37 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/10 16:25:56 | 000,071,168 | ---- | C] () -- C:\Users\Bulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 16:21:36 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/09/17 00:05:24 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\ChkMail.ini
[2009/09/16 23:57:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/09/16 23:51:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/09/16 23:51:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/09/16 22:38:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/16 22:37:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/08 13:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/19 02:42:28 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/08/04 14:29:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/04/29 22:22:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000/08/02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe

========== LOP Check ==========

[2011/04/12 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\.minecraft
[2010/09/07 17:45:23 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\10 Finger BreakOut
[2010/10/14 12:47:39 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Autodesk
[2011/04/05 10:27:13 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Camfrog
[2010/01/05 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/11/12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DAEMON Tools
[2009/11/11 16:43:24 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DAEMON Tools Lite
[2011/05/13 09:25:54 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Downloaded Installations
[2010/11/04 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/11 10:42:22 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\FreeMoviesToDVD
[2011/06/10 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\go
[2009/11/18 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\InterVideo
[2010/04/04 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Leadertech
[2011/01/14 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Local
[2010/09/07 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\MAGIX
[2011/05/13 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nitro PDF
[2009/11/10 14:39:50 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nokia
[2010/10/14 09:07:17 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nseries
[2009/11/10 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\PC Suite
[2011/04/30 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Power Sound Editor Free
[2010/03/15 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\ScreenSeven
[2009/11/10 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Shark007
[2011/05/03 19:07:50 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\SteelBytes
[2010/04/13 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Super-Cow
[2011/05/04 14:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\TeamViewer
[2010/01/31 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\TS3Client
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/01/22 19:43:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ashampoo
[2010/02/27 12:40:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2011/04/09 09:51:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2010/07/09 07:02:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/11/11 16:15:07 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/10 17:28:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/05/13 10:29:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Insight Software
[2010/05/13 10:29:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Insight Software Solutions
[2010/02/22 14:03:29 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2011/04/09 10:20:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011/05/13 09:26:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2009/11/10 16:08:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2011/04/03 10:30:36 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2011/02/06 12:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/11/10 16:21:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Shark007
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/04/26 09:28:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/04/04 20:47:04 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2010/12/10 13:08:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TVersity
[2009/11/30 13:01:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/05/23 10:10:18 | 000,000,000 | ---D | M]
-- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011/06/11 20:15:45 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2009/12/09 07:50:53 | 000,000,000 | ---D | M](C:\Users\Bulli\Documents\??? ????) -- C:\Users\Bulli\Documents\Мои игры [2009/12/09 07:50:53 | 000,000,000 | ---D | C](C:\Users\Bulli\Documents\??? ????) -- C:\Users\Bulli\Documents\Мои игры ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA < End of report > Regards, Bulli |
12.06.2011, 17:07 | #2 |
/// Malware-holic | Aloa,
On your second PC go to Start, Programs, Accessories, Notepad (Editor) and paste this in: Code:
:OTL
O20 - HKU\Bulli_ON_C Winlogon: Shell - (C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe) - C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe (iu)
:Files
C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt; please post the log. Open Computer, open C:, then _OTL; there right-click on moved files and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html
|
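As an added example (not from the thread and not OTL's own code), the Python script below picks a hijacked O20 Winlogon Shell entry out of OTL log lines in the format shown above and drafts a fix in the :OTL / :Files / :Commands layout markusg posted; it generalizes beyond this one case to any user hive and any non-explorer shell value. The sample log lines are constructed to mirror the thread's log, and the suspicious-directory list is my own heuristic.

```python
"""Flag hijacked Winlogon Shell (O20) entries in OTL log lines and draft an OTL fix.

Added example; it is not part of the forum thread and not OTL's own code.
SAMPLE_LOG is constructed to mirror the O20 lines in the posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the O20 lines of the thread's OTL log.
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Bulli_ON_C Winlogon: Shell - (C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe) - C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe (iu)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
"""

# One O20 line: "O20[:64bit:] - <hive> Winlogon: Shell - (<value>) - <path> (<company>)"
O20_RE = re.compile(
    r"^(?P<line>O20(?::64bit:)? - (?P<hive>\S+) Winlogon: Shell - "
    r"\((?P<value>.*?)\) - (?P<path>.*?) \((?P<company>[^()]*)\))$"
)

TRUSTED_SHELL = "explorer.exe"
# Heuristic (my own, not OTL's): a logon shell should never live in one of these.
SUSPICIOUS_DIRS = ("\\temporary internet files\\", "\\temp\\", "\\appdata\\", "\\recycler\\")


@dataclass
class ShellEntry:
    raw: str      # the full O20 line, reusable verbatim in an OTL fix
    hive: str     # HKLM or HKU\<user hive>
    value: str    # registry value as logged
    path: str     # file OTL resolved the value to
    company: str  # publisher OTL read from the file's version info

    def reasons(self) -> list[str]:
        """Why the entry looks hijacked; an empty list means it looks normal."""
        out = []
        shell_name = self.value.replace("/", "\\").split("\\")[-1].lower()
        if shell_name != TRUSTED_SHELL:
            out.append(f"shell is {shell_name!r}, not {TRUSTED_SHELL}")
        if self.hive.upper().startswith("HKU\\"):
            # Windows only needs Shell under HKLM; a per-user value overrides it
            # for that account, which is how a lock screen replaces the desktop.
            out.append("per-user Shell override")
        if any(d in self.path.lower() for d in SUSPICIOUS_DIRS):
            out.append("binary lives in a temp/profile directory")
        if not self.company.lower().startswith("microsoft"):
            out.append(f"unverified publisher {self.company!r}")
        return out


def parse_o20(log_text: str) -> list[ShellEntry]:
    """Extract every O20 Winlogon Shell entry from OTL log text."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(ShellEntry(m["line"], m["hive"], m["value"],
                                      m["path"], m["company"]))
    return entries


def find_hijacked(log_text: str) -> list[ShellEntry]:
    """Return only the O20 entries that trip at least one check."""
    return [e for e in parse_o20(log_text) if e.reasons()]


def build_otl_fix(entries: list[ShellEntry]) -> str:
    """Draft a fix in the :OTL / :Files / :Commands layout OTL reads from fix.txt.

    :OTL takes the offending log lines verbatim, :Files lists the binaries
    to move out, and :Commands mirrors the commands used in the thread.
    """
    if not entries:
        return ""
    lines = [":OTL"] + [e.raw for e in entries]
    lines.append(":Files")
    lines.extend(sorted({e.path for e in entries}))
    lines.extend([":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_hijacked(SAMPLE_LOG)
    for e in hits:
        print(f"{e.hive}: {', '.join(e.reasons())}")
    print(build_otl_fix(hits), end="")
```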
12.06.2011, 18:40 | #3 |
| Hello markusg,
Thanks for your quick reply. I pasted the fix.txt into OTL and then clicked Fix; afterwards a message came up saying a restart is required, so I clicked Yes, but it did not restart by itself. I then restarted manually and removed the CD to boot Windows, but I still could not get into the system. Afterwards I booted from the OTLPENet CD again and ran the fix once more, and after the restart message I copied the files and the logfile over via OTLPENet... Code:
ATTFilter OTL logfile created on: 6/12/2011 6:08:50 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE 64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.05 Gb Total Space | 5.40 Gb Free Space | 3.62% Space Free | Partition Type: NTFS Drive D: | 149.04 Gb Total Space | 5.88 Gb Free Space | 3.95% Space Free | Partition Type: NTFS Drive E: | 136.35 Gb Total Space | 1.70 Gb Free Space | 1.25% Space Free | Partition Type: NTFS Drive F: | 149.04 Gb Total Space | 3.52 Gb Free Space | 2.36% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/04 07:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool) SRV:64bit: - [2010/10/17 18:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2010/10/14 11:16:56 | 001,436,424 | ---- | M] (Acresso Software Inc.) 
[On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV:64bit: - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2011/06/03 12:21:28 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/05/17 19:45:57 | 003,275,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai) SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/02/06 11:36:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/06 19:57:18 | 000,072,248 | ---- | M] () [Auto] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice) SRV - [2008/11/11 04:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
[Auto] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007/01/04 14:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/03/14 11:52:46 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2010/10/17 18:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:64bit: - [2010/07/09 08:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz134_x64.sys -- (cpuz134) DRV:64bit: - [2010/04/16 02:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/03/30 21:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009/12/07 14:38:23 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/11/11 16:15:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/10/01 13:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb) DRV:64bit: - [2009/09/05 09:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/04/11 01:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/04/01 20:46:40 | 000,016,440 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2008/11/03 03:03:27 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2008/09/15 02:57:32 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2008/09/15 02:57:18 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2008/09/15 02:57:18 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2008/09/15 02:57:18 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- 
C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008/08/21 02:39:13 | 000,017,464 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV:64bit: - [2008/08/21 00:18:39 | 001,836,800 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2008/05/02 01:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/02/15 21:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008/01/24 01:24:23 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV:64bit: - [2007/10/17 00:54:20 | 000,015,872 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System] -- C:\Windows\System32\drivers\EIO64.sys -- (EIO64) DRV:64bit: - [2007/08/08 04:31:16 | 000,034,336 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scramby_out.sys -- (scramby_out) DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV:64bit: - [2007/04/16 15:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV:64bit: - [2007/02/13 13:41:26 | 000,029,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scramby.sys -- (scramby) DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- 
(MTsensor) DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6B 59 9A 78 F2 CB 01 [binary data] IE - HKU\Bulli_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Bulli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 [2009/11/10 16:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bulli\AppData\Roaming\Mozilla\Extensions [2011/06/03 13:44:13 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\extensions [2010/11/04 15:54:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/01/25 09:14:41 | 000,000,655 | ---- | M] () -- C:\Users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\searchplugins\guildwiki-de.xml [2011/03/24 05:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/06/18 10:51:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/10/11 06:45:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/21 14:33:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/22 12:43:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/18 12:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\BULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOQAUI9C.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2009/11/15 16:47:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/04/29 
05:34:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2011/02/02 16:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O3 - HKU\Bulli_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [iTunesHelper] File not found O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files (x86)\P4P\P4P.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe () O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe () O4 - HKU\Bulli_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\Bulli_ON_C..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\Bulli_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\Bulli_ON_C..\Run: [UIWatcher] File not found O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\Bulli_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\Bulli_ON_C Winlogon: Shell - (C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe) - C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe (iu) O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/14 10:41:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{144bec39-de93-11de-bb91-002243cc3463}\Shell\AutoRun\command - "" = 
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{4fa1649b-8842-11df-af6b-002243cc3463}\Shell\AutoRun\command - "" = J:\pakhet.exe O33 - MountPoints2\{4fa1649b-8842-11df-af6b-002243cc3463}\Shell\open\Command - "" = J:\pakhet.exe O33 - MountPoints2\{d8a11cf0-0e8f-11e0-abae-002243cc3463}\Shell\AutoRun\command - "" = J:\Menu.exe O33 - MountPoints2\{e9ecba20-cfa5-11de-a863-002243cc3463}\Shell - "" = AutoRun O33 - MountPoints2\{e9ecba20-cfa5-11de-a863-002243cc3463}\Shell\AutoRun\command - "" = I:\Trials_2_Second_Edition_Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/10 16:50:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/05/28 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Bulli\AppData\Roaming\go [2011/05/28 20:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO [2011/05/23 14:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011/05/23 14:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/05/23 14:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011/05/16 09:10:57 | 000,000,000 | --SD | C] -- C:\Users\Bulli\Documents\Eigene Datenquellen [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/12 09:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/11 20:15:45 | 000,000,012 | ---- | M] () -- 
C:\Windows\bthservsdp.dat
[2011/06/11 20:15:13 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/06/11 20:14:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 20:14:53 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/11 20:14:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 20:14:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 08:21:42 | 005,291,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/10 17:16:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/10 16:55:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/10 16:55:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 16:55:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/10 16:55:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/10 16:50:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/10 16:47:06 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/09 15:49:01 | 000,071,168 | ---- | M] () -- C:\Users\Bulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 13:44:40 | 000,000,680 | ---- | M] () -- C:\Users\Bulli\AppData\Local\d3d9caps.dat
[2011/05/28 20:36:52 | 000,001,562 | ---- | M] () -- C:\Users\Bulli\Desktop\Spielen (EasyBits GO).lnk
[2011/05/23 14:05:44 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/23 14:05:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 20:36:52 | 000,001,592 | ---- | C] () -- C:\Users\Bulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011/05/28 20:36:52 | 000,001,562 | ---- | C] () -- C:\Users\Bulli\Desktop\Spielen (EasyBits GO).lnk
[2011/05/23 14:05:44 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/24 12:01:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/12/17 08:41:07 | 000,002,508 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/09/30 18:27:52 | 000,000,680 | ---- | C] () -- C:\Users\Bulli\AppData\Local\d3d9caps.dat
[2010/09/07 16:54:08 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009/12/04 15:11:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 15:11:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/04 15:11:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 12:50:19 | 000,004,096 | -H-- | C] () -- C:\Users\Bulli\AppData\Local\keyfile3.drm
[2009/11/28 19:05:36 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/11/14 12:30:02 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2009/11/14 12:29:54 | 000,000,700 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009/11/14 12:29:05 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2009/11/14 12:29:05 | 000,000,132 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009/11/13 13:08:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 12:56:40 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/13 11:27:37 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/10 16:25:56 | 000,071,168 | ---- | C] () -- C:\Users\Bulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 16:21:36 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/09/17 00:05:24 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\ChkMail.ini
[2009/09/16 23:57:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/09/16 23:51:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/09/16 23:51:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/09/16 22:38:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/16 22:37:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/08 13:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/19 02:42:28 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2008/11/07 21:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/08/04 14:29:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/04/29 22:22:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000/08/02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe

========== LOP Check ==========

[2011/04/12 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\.minecraft
[2010/09/07 17:45:23 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\10 Finger BreakOut
[2010/10/14 12:47:39 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Autodesk
[2011/04/05 10:27:13 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Camfrog
[2010/01/05 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/11/12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DAEMON Tools
[2009/11/11 16:43:24 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DAEMON Tools Lite
[2011/05/13 09:25:54 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Downloaded Installations
[2010/11/04 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/11 10:42:22 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\FreeMoviesToDVD
[2011/06/10 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\go
[2009/11/18 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\InterVideo
[2010/04/04 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Leadertech
[2011/01/14 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Local
[2010/09/07 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\MAGIX
[2011/05/13 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nitro PDF
[2009/11/10 14:39:50 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nokia
[2010/10/14 09:07:17 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Nseries
[2009/11/10 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\PC Suite
[2011/04/30 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Power Sound Editor Free
[2010/03/15 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\ScreenSeven
[2009/11/10 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Shark007
[2011/05/03 19:07:50 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\SteelBytes
[2010/04/13 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\Super-Cow
[2011/05/04 14:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\TeamViewer
[2010/01/31 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Bulli\AppData\Roaming\TS3Client
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/01/22 19:43:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ashampoo
[2010/02/27 12:40:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2011/04/09 09:51:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2010/07/09 07:02:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/11/11 16:15:07 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/10 17:28:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/05/13 10:29:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Insight Software
[2010/05/13 10:29:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Insight Software Solutions
[2010/02/22 14:03:29 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2011/04/09 10:20:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011/05/13 09:26:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2009/11/10 16:08:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2011/04/03 10:30:36 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2011/02/06 12:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/11/10 16:21:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Shark007
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/04/26 09:28:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/04/04 20:47:04 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2010/12/10 13:08:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TVersity
[2009/11/30 13:01:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/05/23 10:10:18 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/11 20:15:45 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2009/12/09 07:50:53 | 000,000,000 | ---D | M](C:\Users\Bulli\Documents\??? ????) -- C:\Users\Bulli\Documents\Мои игры
[2009/12/09 07:50:53 | 000,000,000 | ---D | C](C:\Users\Bulli\Documents\??? ????) -- C:\Users\Bulli\Documents\Мои игры

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA

< End of report >
Bulli |
12.06.2011, 19:11 | #4 |
/// Malware-holic | Hello, the moved files don't belong here; please read where they should have gone. Try the new OTL script:
Code:
:OTL
:Files
C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe
:Commands
[Reboot]
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us |
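The fix above deletes one executable that the OTL scan surfaced in the Internet Explorer cache; finding that candidate in a log with several hundred file entries is the actual triage work. The following Python is an added example, not part of the thread and not OldTimer's code: it parses OTL file-list lines of the shape shown in the log above, flags executables written to user-writable staging locations (browser cache, Temp, AppData, ProgramData) shortly before the incident, and renders the hits as an OTL `:Files` block in the same shape as the fix in the post. The sample lines are constructed to mirror the log format (the `readme[1].exe` entry is not copied from the log, which does not show it), and the staging-directory list, the incident time and the three-day window are assumptions.

```python
import re
from datetime import datetime, timedelta

# One OTL file-list entry, e.g.
# [2011/06/11 20:15:13 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
# Directory entries carry no "()" company block; D in the attribute field marks them.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\]\s*(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+)$"
)

# Assumed list: where a drive-by download or dropper typically lands before it runs.
STAGING_DIRS = (
    "/temporary internet files/",
    "/appdata/local/temp/",
    "/appdata/roaming/",
    "/programdata/",
    "/users/public/",
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".cpl", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample in OTL format (not the thread's log); the readme[1].exe line is made up.
SAMPLE_LOG = r"""
[2011/06/11 20:15:13 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/06/11 20:14:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 19:58:02 | 000,102,400 | ---- | C] () -- C:\Users\Bulli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGM9Q2KD\readme[1].exe
[2011/06/10 16:50:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/23 14:05:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2009/09/16 23:57:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
"""
# Assumed: the lock screen was first seen on the evening of 2011/06/11.
INCIDENT_TIME = datetime(2011, 6, 11, 20, 20)


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None if the line is not one (headers, blanks)."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""
    e["is_dir"] = "D" in e["attr"]
    return e


def triage(lines, incident_time, window=timedelta(days=3)):
    """Flag executables in staging dirs with a timestamp inside [incident - window, incident].

    Hits are review candidates, not verdicts: legitimate updaters also write there.
    """
    hits = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e["is_dir"]:
            continue
        norm = e["path"].lower().replace("\\", "/")
        if not norm.endswith(EXEC_EXT) or not any(s in norm for s in STAGING_DIRS):
            continue
        if incident_time - window <= e["ts"] <= incident_time:
            reasons = ["executable in staging dir", "written in incident window"]
            if not e["company"]:
                reasons.append("no company name")
            hits.append((e["path"], e["ts"], reasons))
    return hits


def make_otl_fix(hits):
    """Render flagged paths as an OTL ':Files' fix block (same shape as the fix in the post)."""
    body = "\n".join(path for path, _ts, _why in hits)
    return ":OTL\n:Files\n" + body + "\n:Commands\n[Reboot]"


def triage_sample():
    return triage(SAMPLE_LOG.strip().splitlines(), INCIDENT_TIME)


if __name__ == "__main__":
    for path, ts, why in triage_sample():
        print(ts, path, "; ".join(why))
    print(make_otl_fix(triage_sample()))
```

Run on the constructed sample it flags only the cache entry: `acovcnt.exe` falls in the window but lives in System32, the Flash control panel applet carries a vendor name and sits under SysWow64, and the directory entry is skipped outright. Review every hit before it goes into a fix script; a `:Files` line deletes without asking.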
12.06.2011, 19:26 | #5 |
| I uploaded the moved files again in the right place... I also ran your new fix. But after I click Yes in the reboot dialog, it doesn't restart on its own... Should I restart manually now and boot Windows to continue, or is something still wrong? |
12.06.2011, 19:35 | #6 |
/// Malware-holic | The fix wasn't faulty before either, but go ahead and restart manually.
12.06.2011, 19:44 | #7 |
| OK.... I restarted and can access the desktop again. Was that already it, or do I still have to remove the virus for good? |
12.06.2011, 19:52 | #8 |
/// Malware-holic | Now you need to upload the moved files to the upload channel again, since the file has only just now been deleted. Did the desktop come up by itself, or did you have to start explorer.exe?
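The question whether the desktop came up on its own is a check on the logon chain: a lock-screen trojan normally starts from Winlogon's Shell or Userinit value or from a Run key, and once its executable has been deleted an orphaned entry shows as a blank desktop until explorer.exe is started by hand. As an added example (not from the thread, and neither markusg's nor OldTimer's code), the following Python reads a REGEDIT4-style export of those keys offline, as one would take it from a hive mounted under a boot CD, and flags the usual anomalies: a non-default Shell or Userinit, a per-user Shell override, and autorun commands that point into user-writable staging directories. The two sample exports, the default values and the staging-directory list are assumptions; the hijacked HKCU Shell value in the infected sample is constructed for illustration, since the thread never shows which persistence this infection used.

```python
import re

# Assumed known-good values for Vista/7; the real Userinit value ends with a comma.
GOOD_SHELL = "explorer.exe"
GOOD_USERINIT = r"c:\windows\system32\userinit.exe,"

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
RUN_KEYS = ("currentversion\\run", "currentversion\\runonce")
# Assumed list of user-writable locations from which a legitimate autorun rarely starts.
STAGING = ("/appdata/local/temp/", "/temporary internet files/", "/appdata/roaming/",
           "/programdata/", "/users/public/")

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')

# Constructed clean export (not from the thread).
CLEAN_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe"
"""

# Constructed infected export: a per-user Shell hijack plus an autorun in Temp.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Bulli\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\ZGM9Q2KD\\readme[1].exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe"
"Skype"="C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe"
"upd"="C:\\Users\\Bulli\\AppData\\Local\\Temp\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe"
"""


def parse_reg(text):
    """Parse a REGEDIT4-style export into {key_lower: {name_lower: data}}; string values only."""
    tree, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            cur = m.group("key").lower()
            tree.setdefault(cur, {})
            continue
        m = VALUE.match(line)
        if m and cur is not None:
            name = "@" if m.group("name") is None else m.group("name").lower()
            # .reg escaping: \" for a quote, \\ for a backslash
            tree[cur][name] = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
    return tree


def expand(path):
    """Normalise a command for comparison: lower-case, %SystemRoot% resolved, forward slashes."""
    return path.lower().replace("%systemroot%", r"c:\windows").replace("\\", "/")


def check_logon_points(tree):
    """Return (key, value_name, data, reason) tuples for suspicious logon/autorun entries."""
    findings = []
    for key, values in tree.items():
        if key.endswith(WINLOGON):
            per_user = key.startswith(("hkey_current_user", "hkey_users"))
            shell = values.get("shell")
            if per_user and shell is not None:
                findings.append((key, "Shell", shell, "per-user Shell override (absent on a clean system)"))
            elif shell is not None and shell.strip().lower() != GOOD_SHELL:
                findings.append((key, "Shell", shell, "Shell is not plain explorer.exe"))
            userinit = values.get("userinit")
            if userinit is not None and expand(userinit) != expand(GOOD_USERINIT):
                findings.append((key, "Userinit", userinit, "Userinit differs from default"))
        elif key.endswith(RUN_KEYS):
            for name, cmd in values.items():
                if any(s in expand(cmd) for s in STAGING):
                    findings.append((key, name, cmd, "autorun command in user-writable staging dir"))
    return findings


def check_sample():
    return check_logon_points(parse_reg(SAMPLE_REG))


if __name__ == "__main__":
    for key, name, data, reason in check_sample():
        print(f"{reason}: [{key}] {name} = {data}")
```

On the clean export nothing is reported; on the infected one the per-user Shell and the Temp autorun are the two findings. Deleting the payload alone leaves both entries in place, which is exactly the situation in which Windows logs on to an empty desktop; restoring Shell to `explorer.exe` (or removing the per-user value) is part of the cleanup, not an afterthought.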
12.06.2011, 19:55 | #9 |
| It all came up by itself... I didn't have to start explorer.exe manually. I'll copy the moved files over again now and upload them... |
12.06.2011, 20:00 | #10 |
/// Malware-holic | Did you upload the old archive, or is the moved files folder only 2 KB in size?
12.06.2011, 20:09 | #11 |
| The folder is 7.31 KB, the RAR archive is 2.19 KB. I uploaded the current folder, which contains 3 different files... 2 of them were apparently from my first two attempts and the third was new this time... |
12.06.2011, 20:15 | #12 |
/// Malware-holic |
12.06.2011, 21:21 | #13 |
| Created and posted....
Code:
ComboFix 11-06-11.01 - Bulli 12.06.2011 23:31:22.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6142.4012 [GMT 2:00]
Running from: c:\users\Bulli\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Monk.S06E03.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddr
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Monk.S06E04.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddr
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Monk.S06E05.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddr
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Monk.S06E06.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddr
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\mse_monk_s01e01.avi.ddr
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.german.XviD.iFF.S06E02.avi.ddp
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E02.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi(2).ddp
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E02.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddp
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E03.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddp
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E04.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E04.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi.ddp
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E05.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Monk.S06E06.GERMAN.DUBBED.DL.DVDRiP.WS.XviD.avi
c:\users\Bulli\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\mse_monk_s01e01.avi.ddp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))
.
.
2011-06-12 23:49 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-06-12 23:49 . 2011-06-12 20:56 -------- d-----w- C:\_OTL
2011-06-12 22:11 . 2011-06-12 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- C:\32788R22FWJFW
2011-06-10 20:51 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6C3762E-9594-4C01-B7CC-DC02669B6AAE}\mpengine.dll
2011-06-10 20:50 . 2011-06-10 20:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 00:36 . 2011-06-12 22:01 -------- d-----w- c:\users\Bulli\AppData\Roaming\go
2011-05-29 00:36 . 2011-06-12 22:01 -------- d-----w- c:\programdata\Easybits GO
2011-05-23 18:06 . 2011-06-12 20:51 -------- d-----w- c:\programdata\Skype Extras
2011-05-23 18:05 . 2011-05-23 18:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 17:55 . 2009-09-17 04:05 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-11 22:00 . 2011-05-11 22:07 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2011-05-02 23:33 . 2011-05-02 23:33 53248 ----a-r- c:\users\Bulli\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-02 23:32 . 2010-04-04 20:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 590056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2008-10-01 1025536]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2008-10-14 2987008]
"PowerForPhone"="c:\program files (x86)\P4P\P4P.exe" [2008-01-26 778240]
"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-17 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-09-17 47672]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-04-28 220552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 1026088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz130;cpuz130;c:\users\Bulli\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-14 1436424]
R3 GPU-Z;GPU-Z;c:\users\Bulli\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-02-04 341296]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 16:42]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 16:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-28 7731232]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-09 8151040]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 397320]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 2049544]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 3837960]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Bulli\AppData\Roaming\Mozilla\Firefox\Profiles\voqaui9c.default\
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-UIWatcher - c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Counter-Strike: Source - g:\games\CSS-lan\Counter-Strike Source\Uninst.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bulli\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-5981235-4273543227-2212357858-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:23,d7,96,13,50,8a,98,db,99,85,6c,8c,6d,58,4e,30,57,6e,08,9c,48,8a,1b,
 b8,99,47,b1,17,99,16,1d,03,5e,25,91,47,aa,21,5e,96,41,d4,9b,12,e3,d2,a7,71,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-13 00:14:08
ComboFix-quarantined-files.txt 2011-06-12 22:14
.
Pre-Run: 7.087.280.128 bytes free
Post-Run: 9.498.513.408 bytes free
.
- - End Of File - - 72B235CBF56B49716E953BB349E1826C
|
12.06.2011, 21:23 | #14 |
/// Malware-holic | Looks good. Download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Scanner tab, full scan, remove what it finds, post the log.
13.06.2011, 00:12 | #15 |
|
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6842

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

13.06.2011 01:09:39
mbam-log-2011-06-13 (01-09-39).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Objects scanned: 501258
Time elapsed: 1 hour(s), 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\program files (x86)\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
|