| |
| |||||||
Mülltonne: Opera / WMP machen sich selbstständigWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
22.06.2011, 06:09
| #1 |
 |  Opera / WMP machen sich selbstständig Hallo, ich wollte gestern etwas in einem Forum posten und mir fiel dabei auf, dass meine Tastatur spinnt. Worte wurden abgebrochen, der Cursor sprang an eine andere Stelle und copy und paste wurde ausgeführt. Ich dachte erst es liegt etwas auf dem Keyboard oder eine Taste klemmt. Dem war aber nicht so. Ein Trojaner kam mir in den Sinn und ich habe dann in den Netzwerkeinstellungen die WLAN-Karte deaktivert, das Problem blieb aber bestehen. Plötzlich sprang der Cursor dann aus dem Anwortfeld weiter nach Unter und hat sowas wie "Tanja X"  getippt . Der Windows Media Player hat sich dann plötzlich geöffnet. Erst als ich die Fritz!Box stromlos machte war endgültig Ruhe.Das ganze ist in Opera passiert und für mich kommt nun entweder nur ein Trojaner oder eine Art Makro oder Script in Frage die dieses Verhalten verursacht hat. Mein PC läuft sonst mit Avira Pro, meine AdAware Lizenz war leider abgelaufen, aktuell habe ich Malwarebytes Anti-Malware drauf. Hier mein Log aus HijackThis mit der Bitte um Analyse: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:49:06, on 22.06.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\TrafficMonitor\TrafficMonitor.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\DU Meter\DUMeter.exe C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe C:\Program Files (x86)\Eazy-Ware\ezSched.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe C:\Users\Hody\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\FlashGet\flashget.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\pdf24\pdf24.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\WinTV\Ir.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hody.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll O2 - BHO: InstantGet IECatcher - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\Program Files (x86)\InstantGet\IEBar\IGCatcher.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\Program Files (x86)\InstantGet\IEBar\IGIEBar.dll O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Flashget] "C:\Program Files (x86)\FlashGet\FlashGet.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [TrafficMonitor] C:\PROGRA~2\TRAFFI~1\TRAFFICMONITOR.EXE O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [EazyScheduler] C:\Program Files (X86)\Eazy-Ware\ezSched.exe O4 - HKCU\..\Run: [hddled.exe] C:\Program Files (x86)\HddLed\hddled.exe s O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADownloadManager\Core.exe" -silent O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe /startupscan O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1753460692-1045079221-1087798426-1011\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1753460692-1045079221-1087798426-1011\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: android-notifier-desktop.lnk = ? O4 - Startup: Dropbox.lnk = Hody\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe O4 - Startup: FRITZ!DSL Startcenter.lnk = ? O4 - Global Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm O8 - Extra context menu item: &Alles mit InstantGet runterladen - res://C:\Program Files (x86)\InstantGet\IEBar\IGCatcher.dll/IGAll.htm O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm O8 - Extra context menu item: Acoo Search(&A) - res://C:\Program Files (x86)\InstantGet\IEBar\IGIEBar.dll/SEARCH.HTM O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Mit InstantGet runterla&den - res://C:\Program Files (x86)\InstantGet\IEBar\IGCatcher.dll/IGLink.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: InstantGet starten - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Program Files (x86)\InstantGet\InstantGet.exe O9 - Extra 'Tools' menuitem: &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Program Files (x86)\InstantGet\InstantGet.exe O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Broken Internet access because of LSP provider '%programfiles%\fritz!dsl\\sarah.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {299385F1-1977-426F-8CE3-07A2407E4498} (IPCamPluginDPT Control) - hxxp://hody.selfip.net:6969/IPCamPluginMJPEG.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE3C22E-DD3B-4ED6-99DE-3B14815F4953}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = me.corp.ids-scheer.com,fritz.box O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = me.corp.ids-scheer.com,fritz.box O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = me.corp.ids-scheer.com,fritz.box O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: O&O DriveLED S.M.A.R.T. Agent (O&O DriveLED) - O&O Software GmbH - C:\Program Files\OO Software\DriveLED\oodlag.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TrafficMonitor Packettreiber Initialisierung (TMPService) - Mirko Böer - C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing) -- End of file - 18017 bytes Der Adsspy fand noch das: C:\ProgramData\TEMP : 711B5EDE (142 bytes) C:\ProgramData\TEMP : 711B5EDE (142 bytes) C:\Users\All Users\TEMP : 711B5EDE (142 bytes) C:\Users\All Users\TEMP : 711B5EDE (142 bytes) C:\Users\Gast\Favorites\Links\Vorgeschlagene Sites.url : favicon (25214 bytes) Vielen Dank  |
|
22.06.2011, 15:35
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Opera / WMP machen sich selbstständig Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
|
22.06.2011, 21:27
| #3 |
| | Opera / WMP machen sich selbstständig Hallo,
__________________die Extra.txt habe ich wohl vergessen, aber den Rest habe ich gemacht. Über den Mittag habe ich übrigens mit diversen Tools wie Sypbot Seek & Destroy, Hitman oder dem Trojan Remover aufgeräumt. Mir sind dabei ein Java.Stutter (mit Avira) und am Ende auch dieser Trojan:  By hodyshoran Ich konnte ihn dann im abgesicherten Modus mit Spybot killen und am Ende hat Dein kein Scanner mehr einen Befund gezeigt:  By hodyshoran Hier dennoch das gewünschte Txt File aus dem abgesicherten Modus: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2011 20:46:32 - Run 3 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hody\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 10,00 Gb Total Physical Memory | 8,57 Gb Available Physical Memory | 85,70% Memory free 16,84 Gb Paging File | 15,42 Gb Available in Paging File | 91,54% Paging File free Paging file location(s): k:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 41,93 Gb Free Space | 42,94% Space Free | Partition Type: NTFS Drive D: | 115,04 Gb Total Space | 70,11 Gb Free Space | 60,95% Space Free | Partition Type: NTFS Drive E: | 100,10 Gb Total Space | 19,20 Gb Free Space | 19,18% Space Free | Partition Type: NTFS Drive F: | 100,33 Gb Total Space | 1,33 Gb Free Space | 1,32% Space Free | Partition Type: NTFS Drive G: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 95,37 Gb Total Space | 91,29 Gb Free Space | 95,72% Space Free | Partition Type: NTFS Drive K: | 100,10 Gb Total Space | 1,00 Gb Free Space | 1,00% Space Free | Partition Type: NTFS Drive L: | 102,62 Gb Total Space | 73,06 Gb Free Space | 71,20% Space Free | Partition Type: NTFS Drive M: | 232,88 Gb Total Space | 42,23 Gb Free Space | 18,13% Space Free | Partition Type: NTFS Drive N: | 7,55 Gb Total Space | 0,51 Gb Free Space | 6,79% Space Free | Partition Type: FAT32 Drive Y: | 3,87 Mb Total Space | 3,42 Mb Free Space | 88,32% Space Free | Partition Type: NTFS Computer Name: FRANKENSTEIN2 | User Name: Hody | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hody\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) ========== Modules (SafeList) ========== MOD - C:\Users\Hody\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV:64bit: - (vfsFPService) -- C:\Windows\SysNative\vfsFPService.exe (Validity Sensors, Inc.) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DAUpdaterSvc) -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TMPService) -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer) SRV - (vfsFPService) -- C:\Windows\SysWOW64\vfsFPService.exe (Validity Sensors, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys () DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (hcw88vid) -- C:\Windows\SysNative\drivers\hcw88vid.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (HCW88TSE) -- C:\Windows\SysNative\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (hcw88rc5) -- C:\Windows\SysNative\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw88bda) -- C:\Windows\SysNative\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (VNA) -- C:\Windows\SysNative\drivers\vna.sys (Check Point Software Technologies) DRV:64bit: - (SKYNET) -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys (TechniSat Digital, S.A.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc) DRV:64bit: - (usbdpfp) -- C:\Windows\SysNative\drivers\usbdpfp.sys (DigitalPersona, Inc.) DRV:64bit: - (dpK00701) -- C:\Windows\SysNative\drivers\dpK00701.sys (DigitalPersona, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV:64bit: - (radpms) -- C:\Windows\SysNative\drivers\radpms.sys (LogMeIn, Inc.) DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (EverestDriver) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 () DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.) DRV - (hotcore3) -- C:\Windows\SysWOW64\drivers\hotcore3.sys (Paragon Software Group) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hody.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 D5 A2 CA 9D 56 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010.01.12 10:13:53 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrafficMonitor] C:\Program Files (x86)\TrafficMonitor\TrafficMonitor.exe (Mirko Böer) O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk = C:\Programme\Android Notifier Desktop\android-notifier-desktop.exe () O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hody\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = File not found O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Hody\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://saarbruecken.vpn.ids-scheer.com/CSHELL/extender.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://download.pplive.com/config/pplite/pluginsetup.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/x64/RACtrl.cab (Performance Viewer Activex Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.03.15 18:58:20 | 000,000,037 | -H-- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare) - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.04.14 05:17:18 | 000,000,058 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010.01.27 15:05:13 | 000,000,040 | -H-- | M] () - M:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008.05.08 15:04:58 | 000,000,044 | ---- | M] () - N:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{aa9cd049-d7c8-11de-9230-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aa9cd049-d7c8-11de-9230-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm () Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.06.22 20:34:14 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Hody\Desktop\OTL.exe [2011.06.22 14:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies [2011.06.22 14:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011.06.22 14:21:34 | 000,000,000 | ---D | C] -- F:\Hodys\Simply Super Software [2011.06.22 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.06.22 14:21:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Simply Super Software [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.06.22 12:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.06.22 12:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.06.22 12:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.06.22 12:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.22 12:13:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.06.22 00:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.06.22 00:30:36 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.06.19 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\ALK_Technologies [2011.06.19 23:03:58 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\ALK Technologies [2011.06.19 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals [2011.06.19 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Hody\.android [2011.06.19 19:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Notifier Desktop [2011.06.19 19:30:14 | 000,000,000 | ---D | C] -- C:\Programme\Android Notifier Desktop [2011.06.16 02:41:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.06.16 02:41:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.06.16 02:41:38 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.06.16 02:41:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.06.16 02:41:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.06.16 02:41:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.06.16 02:41:37 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.06.16 02:41:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.06.15 20:41:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.06.15 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.06.15 19:23:03 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Dropbox [2011.06.14 20:41:40 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.06.14 20:41:32 | 000,093,496 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Useful Apps [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Barcode Receiver [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Barcode Receiver [2011.06.08 22:01:15 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Malwarebytes [2011.06.08 22:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.08 22:01:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.08 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\PackageAware [2011.06.02 21:13:05 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Mp3tag [2011.06.02 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2011.06.02 21:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2011.06.02 14:07:59 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\CompanionLink [2011.06.02 13:49:45 | 000,000,000 | ---D | C] -- C:\Temp [2011.06.02 13:16:47 | 000,000,000 | -HSD | C] -- C:\Users\Hody\Phone Browser [2011.06.02 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\Samsung [2011.06.02 11:53:39 | 000,000,000 | ---D | C] -- F:\Hodys\samsung [2011.06.02 02:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.06.02 02:01:05 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2011.06.02 02:00:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2011.06.02 02:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2011.06.02 02:00:40 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Samsung [2011.06.02 02:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.06.02 02:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2011.06.02 01:59:55 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\Downloaded Installations [2011.06.01 22:19:25 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile [2011.05.27 23:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2011.05.27 23:05:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro [2011.05.27 00:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2011.05.27 00:14:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint [2011.05.24 19:58:07 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.22 20:46:25 | 000,025,806 | ---- | M] () -- C:\Windows\SysWow64\notepad2.ini [2011.06.22 20:45:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.22 20:45:37 | 3756,904,447 | -HS- | M] () -- C:\hiberfil.sys [2011.06.22 20:43:51 | 000,025,616 | ---- | M] () -- C:\Windows\notepad2.ini [2011.06.22 20:34:14 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hody\Desktop\OTL.exe [2011.06.22 20:28:39 | 000,001,014 | ---- | M] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk [2011.06.22 20:17:56 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.22 20:17:56 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.22 20:17:56 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.22 20:17:56 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.22 20:17:56 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.22 20:15:32 | 000,000,276 | ---- | M] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk [2011.06.22 20:15:15 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.22 20:15:15 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.22 20:14:52 | 000,000,069 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini [2011.06.22 20:01:46 | 000,415,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.22 19:51:59 | 000,025,616 | ---- | M] () -- C:\Windows\SysNative\notepad2.ini [2011.06.22 19:37:07 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.06.22 18:39:56 | 000,265,577 | ---- | M] () -- C:\Users\Hody\Desktop\virus.JPG [2011.06.22 14:47:33 | 000,001,920 | ---- | M] () -- C:\Windows\SysNative\.crusader [2011.06.22 14:33:21 | 000,002,144 | ---- | M] () -- F:\Hodys\DU Meter Report.html [2011.06.22 14:21:00 | 000,052,573 | ---- | M] () -- C:\Users\Hody\Desktop\Unbenannt.JPG [2011.06.22 12:51:57 | 000,001,292 | ---- | M] () -- C:\Users\Hody\Desktop\Spybot - Search & Destroy.lnk [2011.06.22 00:30:36 | 000,002,971 | ---- | M] () -- C:\Users\Hody\Desktop\HiJackThis.lnk [2011.06.20 00:04:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2011.06.19 17:15:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011.06.19 17:15:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\statistics.dat [2011.06.19 17:15:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.15 19:25:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.15 19:25:25 | 000,001,043 | ---- | M] () -- C:\Users\Hody\Desktop\Dropbox.lnk [2011.06.15 19:23:49 | 000,001,023 | ---- | M] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.06.14 20:41:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.06.14 20:41:32 | 000,093,496 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.06.08 21:41:20 | 000,000,036 | ---- | M] () -- C:\Users\Hody\AppData\Local\housecall.guid.cache [2011.06.05 01:44:53 | 000,000,078 | ---- | M] () -- C:\Users\Hody\AppData\Local\CrystalDiskMark30.ini [2011.06.02 21:12:47 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011.06.02 02:04:32 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.22 20:28:39 | 000,001,014 | ---- | C] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk [2011.06.22 18:39:56 | 000,265,577 | ---- | C] () -- C:\Users\Hody\Desktop\virus.JPG [2011.06.22 14:47:33 | 000,001,920 | ---- | C] () -- C:\Windows\SysNative\.crusader [2011.06.22 14:30:54 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.06.22 14:21:24 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.06.22 14:21:24 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.06.22 14:21:24 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.06.22 14:21:24 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.06.22 14:21:00 | 000,052,573 | ---- | C] () -- C:\Users\Hody\Desktop\Unbenannt.JPG [2011.06.22 12:50:32 | 000,001,292 | ---- | C] () -- C:\Users\Hody\Desktop\Spybot - Search & Destroy.lnk [2011.06.22 00:30:36 | 000,002,971 | ---- | C] () -- C:\Users\Hody\Desktop\HiJackThis.lnk [2011.06.20 00:04:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2011.06.19 19:30:36 | 000,000,276 | ---- | C] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk [2011.06.15 19:25:25 | 000,001,043 | ---- | C] () -- C:\Users\Hody\Desktop\Dropbox.lnk [2011.06.15 19:23:49 | 000,001,023 | ---- | C] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.06.08 21:41:20 | 000,000,036 | ---- | C] () -- C:\Users\Hody\AppData\Local\housecall.guid.cache [2011.06.05 01:44:28 | 000,000,078 | ---- | C] () -- C:\Users\Hody\AppData\Local\CrystalDiskMark30.ini [2011.06.02 21:12:47 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011.06.02 02:04:32 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.05.14 10:28:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.05.14 10:28:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.05.14 10:28:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.04.19 09:22:57 | 000,001,832 | ---- | C] () -- C:\Users\Hody\AppData\Local\SLC_Hody.prx [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.11.16 21:14:55 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll [2010.11.16 21:14:25 | 000,000,128 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2010.09.19 21:48:49 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.09.19 21:48:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.09.19 21:48:34 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini [2010.09.19 21:48:05 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe [2010.09.19 21:41:33 | 000,002,302 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010.04.11 23:03:40 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.03.20 11:44:03 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini [2010.02.17 00:56:53 | 000,000,297 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2010.02.17 00:56:35 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2010.02.17 00:56:35 | 000,001,151 | ---- | C] () -- C:\Windows\cm108.ini [2010.01.18 01:04:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 01:29:37 | 001,538,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.09 22:44:48 | 000,011,264 | ---- | C] () -- C:\Users\Hody\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.24 02:57:48 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.12.12 03:31:40 | 000,000,017 | ---- | C] () -- C:\Users\Hody\AppData\Local\resmon.resmoncfg [2009.12.03 23:33:48 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll [2009.12.03 23:33:48 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll [2009.12.03 23:33:48 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll [2009.11.26 00:39:03 | 000,025,616 | ---- | C] () -- C:\Windows\notepad2.ini [2009.11.24 03:03:19 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini [2009.11.23 05:44:32 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.11.23 05:44:32 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.08.03 03:16:32 | 001,012,736 | ---- | C] () -- C:\Windows\SysWow64\Notepad2.exe [2009.07.28 02:00:00 | 000,025,806 | ---- | C] () -- C:\Windows\SysWow64\notepad2.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:56:36 | 001,012,736 | ---- | C] () -- C:\Windows\notepad.exe [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:41:04 | 001,012,736 | ---- | C] () -- C:\Windows\SysWow64\notepad.exe [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.05.14 16:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2007.11.14 18:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.11.24 09:13:03 | 000,001,024 | ---- | M] () -- C:\.rnd [2011.06.22 20:45:36 | 000,166,611 | ---- | M] () -- C:\aaw7boot.log [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010.11.20 05:40:08 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2009.11.23 02:38:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.09.20 22:06:59 | 000,087,832 | ---- | M] () -- C:\hcwDriverInstall.txt [2011.06.22 20:45:37 | 3756,904,447 | -HS- | M] () -- C:\hiberfil.sys [2009.10.01 23:26:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009.10.01 23:26:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009.11.25 12:19:34 | 000,000,698 | ---- | M] () -- C:\RemoveCodec.iss < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2010.11.20 05:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:711B5EDE @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
|
23.06.2011, 08:57
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Eine Bitte: Wenn du Screenshots postest, dann bitte so, dass man auch ohne Mikrosokop etwas erkennen kann  und Logfiles bitte grundsätzlich via Copy&Paste - es macht keinen Sinn, Daten die schon als Text vorliegen, "abzufotografieren" um diese als Bild zu transportieren. Genau wo wenig Sinn macht es, reine Textdaten oder gar Bilder in Worddokumente zu gießen! (hast du zwar nicht gemacht, aber das nur als Hinweis)Was sagt der Schreenshot von AntiVir aus? Meine Lupe vermutet Null Funde, liegt sie da richtig?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.06.2011, 09:28
| #5 |
| | Opera / WMP machen sich selbstständig Sorry dachte ich hätte bei Imageshack die Thumbnail Variante gewählt, ja auf dem Bild sind Avira, Sypbot und ein weiterer Trojaner Scanner und sehen und alle zeigen null funde an. |
|
23.06.2011, 10:12
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 18:58:20 | 000,000,037 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.04.14 05:17:18 | 000,000,058 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.01.27 15:05:13 | 000,000,040 | -H-- | M] () - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.05.08 15:04:58 | 000,000,044 | ---- | M] () - N:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{aa9cd049-d7c8-11de-9230-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa9cd049-d7c8-11de-9230-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare)
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:711B5EDE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Opera / WMP machen sich selbstständig |
|
23.06.2011, 11:49
| #7 |
| | Opera / WMP machen sich selbstständig Ok habe den Fix gemacht, hier der erneute Scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.06.2011 12:05:54 - Run 4 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hody\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 10,00 Gb Total Physical Memory | 9,01 Gb Available Physical Memory | 90,09% Memory free 16,84 Gb Paging File | 15,89 Gb Available in Paging File | 94,33% Paging File free Paging file location(s): k:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 41,18 Gb Free Space | 42,17% Space Free | Partition Type: NTFS Drive D: | 115,04 Gb Total Space | 65,76 Gb Free Space | 57,17% Space Free | Partition Type: NTFS Drive E: | 100,10 Gb Total Space | 19,20 Gb Free Space | 19,18% Space Free | Partition Type: NTFS Drive F: | 100,33 Gb Total Space | 1,33 Gb Free Space | 1,32% Space Free | Partition Type: NTFS Drive G: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 95,37 Gb Total Space | 91,29 Gb Free Space | 95,72% Space Free | Partition Type: NTFS Drive K: | 100,10 Gb Total Space | 1,00 Gb Free Space | 1,00% Space Free | Partition Type: NTFS Drive L: | 102,62 Gb Total Space | 73,06 Gb Free Space | 71,20% Space Free | Partition Type: NTFS Drive M: | 232,88 Gb Total Space | 42,23 Gb Free Space | 18,13% Space Free | Partition Type: NTFS Drive Y: | 3,87 Mb Total Space | 3,42 Mb Free Space | 88,32% Space Free | Partition Type: NTFS Computer Name: FRANKENSTEIN2 | User Name: Hody | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hody\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) ========== Modules (SafeList) ========== MOD - C:\Users\Hody\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV:64bit: - (vfsFPService) -- C:\Windows\SysNative\vfsFPService.exe (Validity Sensors, Inc.) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DAUpdaterSvc) -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TMPService) -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer) SRV - (vfsFPService) -- C:\Windows\SysWOW64\vfsFPService.exe (Validity Sensors, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys () DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (hcw88vid) -- C:\Windows\SysNative\drivers\hcw88vid.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (HCW88TSE) -- C:\Windows\SysNative\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (hcw88rc5) -- C:\Windows\SysNative\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw88bda) -- C:\Windows\SysNative\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (VNA) -- C:\Windows\SysNative\drivers\vna.sys (Check Point Software Technologies) DRV:64bit: - (SKYNET) -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys (TechniSat Digital, S.A.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc) DRV:64bit: - (usbdpfp) -- C:\Windows\SysNative\drivers\usbdpfp.sys (DigitalPersona, Inc.) DRV:64bit: - (dpK00701) -- C:\Windows\SysNative\drivers\dpK00701.sys (DigitalPersona, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV:64bit: - (radpms) -- C:\Windows\SysNative\drivers\radpms.sys (LogMeIn, Inc.) DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (EverestDriver) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 () DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.) DRV - (hotcore3) -- C:\Windows\SysWOW64\drivers\hotcore3.sys (Paragon Software Group) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hody.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 D5 A2 CA 9D 56 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010.01.12 10:13:53 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.06.23 11:59:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrafficMonitor] C:\Program Files (x86)\TrafficMonitor\TrafficMonitor.exe (Mirko Böer) O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk = C:\Programme\Android Notifier Desktop\android-notifier-desktop.exe () O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hody\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Hody\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://saarbruecken.vpn.ids-scheer.com/CSHELL/extender.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://download.pplive.com/config/pplite/pluginsetup.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/x64/RACtrl.cab (Performance Viewer Activex Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare) - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.04.14 05:17:18 | 000,000,058 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave6 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave7 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave8 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave9 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm () Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.06.23 11:59:20 | 000,000,000 | ---D | C] -- C:\_OTL [2011.06.22 20:34:14 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Hody\Desktop\OTL.exe [2011.06.22 14:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies [2011.06.22 14:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011.06.22 14:21:34 | 000,000,000 | ---D | C] -- F:\Hodys\Simply Super Software [2011.06.22 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.06.22 14:21:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Simply Super Software [2011.06.22 14:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.06.22 12:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.06.22 12:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.06.22 12:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.06.22 12:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.22 12:13:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.06.22 00:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.06.22 00:30:36 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.06.19 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\ALK_Technologies [2011.06.19 23:03:58 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\ALK Technologies [2011.06.19 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals [2011.06.19 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Hody\.android [2011.06.19 19:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Notifier Desktop [2011.06.19 19:30:14 | 000,000,000 | ---D | C] -- C:\Programme\Android Notifier Desktop [2011.06.16 02:41:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.06.16 02:41:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.06.16 02:41:38 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.06.16 02:41:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.06.16 02:41:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.06.16 02:41:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.06.16 02:41:37 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.06.16 02:41:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.06.15 20:41:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.06.15 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.06.15 19:23:03 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Dropbox [2011.06.14 20:41:40 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.06.14 20:41:32 | 000,093,496 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Useful Apps [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Barcode Receiver [2011.06.10 20:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Barcode Receiver [2011.06.08 22:01:15 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Malwarebytes [2011.06.08 22:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.08 22:01:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.08 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\PackageAware [2011.06.02 21:13:05 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Mp3tag [2011.06.02 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2011.06.02 21:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2011.06.02 14:07:59 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\CompanionLink [2011.06.02 13:49:45 | 000,000,000 | ---D | C] -- C:\Temp [2011.06.02 13:16:47 | 000,000,000 | -HSD | C] -- C:\Users\Hody\Phone Browser [2011.06.02 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\Samsung [2011.06.02 11:53:39 | 000,000,000 | ---D | C] -- F:\Hodys\samsung [2011.06.02 02:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.06.02 02:01:05 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2011.06.02 02:00:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2011.06.02 02:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2011.06.02 02:00:40 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Roaming\Samsung [2011.06.02 02:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.06.02 02:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2011.06.02 01:59:55 | 000,000,000 | ---D | C] -- C:\Users\Hody\AppData\Local\Downloaded Installations [2011.06.01 22:19:25 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile [2011.05.27 23:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2011.05.27 23:05:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro [2011.05.27 00:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2011.05.27 00:14:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint [2011.05.24 19:58:07 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.23 12:04:04 | 000,025,806 | ---- | M] () -- C:\Windows\SysWow64\notepad2.ini [2011.06.23 12:02:51 | 000,025,614 | ---- | M] () -- C:\Windows\notepad2.ini [2011.06.23 12:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.23 12:00:42 | 3756,904,447 | -HS- | M] () -- C:\hiberfil.sys [2011.06.23 11:59:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.06.23 10:26:10 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.23 10:26:10 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.23 10:20:57 | 000,001,314 | ---- | M] () -- C:\Users\Hody\Desktop\Spybot - Search & Destroy.lnk [2011.06.23 10:19:39 | 000,000,276 | ---- | M] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk [2011.06.23 10:19:10 | 000,000,069 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini [2011.06.23 00:05:43 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.23 00:05:43 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.23 00:05:43 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.23 00:05:43 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.23 00:05:43 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.22 22:21:10 | 000,025,616 | ---- | M] () -- C:\Windows\SysNative\notepad2.ini [2011.06.22 21:26:21 | 000,435,366 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110623-102033.backup [2011.06.22 20:34:14 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hody\Desktop\OTL.exe [2011.06.22 20:01:46 | 000,415,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.22 19:37:07 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.06.22 18:39:56 | 000,265,577 | ---- | M] () -- C:\Users\Hody\Desktop\virus.JPG [2011.06.22 14:47:33 | 000,001,920 | ---- | M] () -- C:\Windows\SysNative\.crusader [2011.06.22 14:33:21 | 000,002,144 | ---- | M] () -- F:\Hodys\DU Meter Report.html [2011.06.22 14:21:00 | 000,052,573 | ---- | M] () -- C:\Users\Hody\Desktop\Unbenannt.JPG [2011.06.22 00:30:36 | 000,002,971 | ---- | M] () -- C:\Users\Hody\Desktop\HiJackThis.lnk [2011.06.20 00:04:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2011.06.19 17:15:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011.06.19 17:15:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\statistics.dat [2011.06.19 17:15:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.15 19:25:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.15 19:25:25 | 000,001,043 | ---- | M] () -- C:\Users\Hody\Desktop\Dropbox.lnk [2011.06.15 19:23:49 | 000,001,023 | ---- | M] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.06.14 20:41:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.06.14 20:41:32 | 000,093,496 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.06.08 21:41:20 | 000,000,036 | ---- | M] () -- C:\Users\Hody\AppData\Local\housecall.guid.cache [2011.06.05 01:44:53 | 000,000,078 | ---- | M] () -- C:\Users\Hody\AppData\Local\CrystalDiskMark30.ini [2011.06.02 21:12:47 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011.06.02 02:04:32 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.22 18:39:56 | 000,265,577 | ---- | C] () -- C:\Users\Hody\Desktop\virus.JPG [2011.06.22 14:47:33 | 000,001,920 | ---- | C] () -- C:\Windows\SysNative\.crusader [2011.06.22 14:30:54 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.06.22 14:21:24 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.06.22 14:21:24 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.06.22 14:21:24 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.06.22 14:21:24 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.06.22 14:21:00 | 000,052,573 | ---- | C] () -- C:\Users\Hody\Desktop\Unbenannt.JPG [2011.06.22 12:50:32 | 000,001,314 | ---- | C] () -- C:\Users\Hody\Desktop\Spybot - Search & Destroy.lnk [2011.06.22 00:30:36 | 000,002,971 | ---- | C] () -- C:\Users\Hody\Desktop\HiJackThis.lnk [2011.06.20 00:04:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2011.06.19 19:30:36 | 000,000,276 | ---- | C] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\android-notifier-desktop.lnk [2011.06.15 19:25:25 | 000,001,043 | ---- | C] () -- C:\Users\Hody\Desktop\Dropbox.lnk [2011.06.15 19:23:49 | 000,001,023 | ---- | C] () -- C:\Users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.06.08 21:41:20 | 000,000,036 | ---- | C] () -- C:\Users\Hody\AppData\Local\housecall.guid.cache [2011.06.05 01:44:28 | 000,000,078 | ---- | C] () -- C:\Users\Hody\AppData\Local\CrystalDiskMark30.ini [2011.06.02 21:12:47 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011.06.02 02:04:32 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.05.14 10:28:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.05.14 10:28:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.05.14 10:28:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.04.19 09:22:57 | 000,001,832 | ---- | C] () -- C:\Users\Hody\AppData\Local\SLC_Hody.prx [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.11.16 21:14:55 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll [2010.11.16 21:14:25 | 000,000,128 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2010.09.19 21:48:49 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.09.19 21:48:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.09.19 21:48:34 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini [2010.09.19 21:48:05 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe [2010.09.19 21:41:33 | 000,002,302 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010.04.11 23:03:40 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.03.20 11:44:03 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini [2010.02.17 00:56:53 | 000,000,297 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2010.02.17 00:56:35 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2010.02.17 00:56:35 | 000,001,151 | ---- | C] () -- C:\Windows\cm108.ini [2010.01.18 01:04:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 01:29:37 | 001,538,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.09 22:44:48 | 000,011,264 | ---- | C] () -- C:\Users\Hody\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.24 02:57:48 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.12.12 03:31:40 | 000,000,017 | ---- | C] () -- C:\Users\Hody\AppData\Local\resmon.resmoncfg [2009.12.03 23:33:48 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll [2009.12.03 23:33:48 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll [2009.12.03 23:33:48 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll [2009.11.26 00:39:03 | 000,025,614 | ---- | C] () -- C:\Windows\notepad2.ini [2009.11.24 03:03:19 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini [2009.11.23 05:44:32 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.11.23 05:44:32 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.08.03 03:16:32 | 001,012,736 | ---- | C] () -- C:\Windows\SysWow64\Notepad2.exe [2009.07.28 02:00:00 | 000,025,806 | ---- | C] () -- C:\Windows\SysWow64\notepad2.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:56:36 | 001,012,736 | ---- | C] () -- C:\Windows\notepad.exe [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:41:04 | 001,012,736 | ---- | C] () -- C:\Windows\SysWow64\notepad.exe [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.05.14 16:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2007.11.14 18:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.11.24 09:13:03 | 000,001,024 | ---- | M] () -- C:\.rnd [2011.06.23 12:00:41 | 000,167,731 | ---- | M] () -- C:\aaw7boot.log [2010.11.20 05:40:08 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2009.11.23 02:38:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.09.20 22:06:59 | 000,087,832 | ---- | M] () -- C:\hcwDriverInstall.txt [2011.06.23 12:00:42 | 3756,904,447 | -HS- | M] () -- C:\hiberfil.sys [2009.10.01 23:26:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009.10.01 23:26:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009.11.25 12:19:34 | 000,000,698 | ---- | M] () -- C:\RemoveCodec.iss < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2010.11.20 05:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
23.06.2011, 12:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Ich wollte aber das Fixlog sehen...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2011, 13:35
| #9 |
| | Opera / WMP machen sich selbstständig Hat mir nichts zum abspeichern angeboten, jetzt ist es wohl zu spät  |
|
23.06.2011, 14:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Schau nach in C:\_OTL !
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2011, 20:28
| #11 | |
| | Opera / WMP machen sich selbstständig Oh ja, habs gefunden: Zitat:
|
|
23.06.2011, 20:55
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2011, 21:30
| #13 |
| | Opera / WMP machen sich selbstständig SPTD is locked, davon abgesehen, keine Infection gefunden... |
|
23.06.2011, 21:33
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opera / WMP machen sich selbstständig Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2011, 22:25
| #15 |
| | Opera / WMP machen sich selbstständig Combofix Logfile: Code:
ATTFilter ComboFix 11-06-23.01 - Hody 23.06.2011 23:03:43.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.10238.8482 [GMT 2:00]
ausgeführt von:: c:\users\Hody\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hody\AppData\Roaming\AD ON Multimedia
c:\users\Hody\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
c:\windows\Downloaded Program Files\Install.inf
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-23 bis 2011-06-23 ))))))))))))))))))))))))))))))
.
.
2011-06-23 21:09 . 2011-06-23 21:09 -------- d-----w- c:\users\Yohis\AppData\Local\temp
2011-06-23 21:09 . 2011-06-23 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-23 21:09 . 2011-06-23 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 21:09 . 2011-06-23 21:09 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-06-23 16:15 . 2011-06-23 16:15 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2011-06-23 16:15 . 2011-06-23 16:15 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2011-06-23 09:59 . 2011-06-23 09:59 -------- d-----w- C:\_OTL
2011-06-22 12:33 . 2011-06-22 12:33 -------- d-----w- c:\programdata\Hagel Technologies
2011-06-22 12:30 . 2011-06-22 17:37 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-22 12:30 . 2011-06-22 12:47 -------- d-----w- c:\programdata\Hitman Pro
2011-06-22 12:21 . 2006-06-19 10:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-06-22 12:21 . 2006-05-25 12:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-06-22 12:21 . 2005-08-25 22:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-06-22 12:21 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-06-22 12:21 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-06-22 12:21 . 2011-06-22 12:21 -------- d-----w- c:\program files (x86)\Trojan Remover
2011-06-22 12:21 . 2011-06-22 12:21 -------- d-----w- c:\users\Hody\AppData\Roaming\Simply Super Software
2011-06-22 12:21 . 2011-06-22 12:21 -------- d-----w- c:\programdata\Simply Super Software
2011-06-22 10:50 . 2011-06-22 10:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-22 10:50 . 2011-06-22 10:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-22 10:13 . 2011-06-22 10:13 -------- d-----w- c:\program files\CCleaner
2011-06-21 22:30 . 2011-06-21 22:30 388096 ----a-r- c:\users\Hody\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-21 22:30 . 2011-06-21 22:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-21 18:02 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D62BE89A-7AAF-4B99-824D-70D6B518FE9E}\mpengine.dll
2011-06-19 21:04 . 2011-06-19 21:04 -------- d-----w- c:\users\Hody\AppData\Local\ALK_Technologies
2011-06-19 21:03 . 2011-06-19 21:03 -------- d-----w- c:\users\Hody\AppData\Roaming\ALK Technologies
2011-06-19 17:30 . 2011-06-19 17:30 -------- d-----w- c:\users\Hody\.android
2011-06-19 17:30 . 2011-06-19 17:30 -------- d-----w- c:\program files\Android Notifier Desktop
2011-06-15 19:12 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 19:12 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 19:11 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 19:11 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 19:11 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 19:01 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 18:56 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 18:56 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 18:56 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 18:41 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 18:41 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 18:32 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 18:32 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 17:23 . 2011-06-23 10:15 -------- d-----w- c:\users\Hody\AppData\Roaming\Dropbox
2011-06-14 18:41 . 2011-06-14 18:41 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-06-14 18:41 . 2011-06-14 18:41 93496 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-06-10 18:37 . 2011-06-10 18:37 -------- d-----w- c:\program files (x86)\Useful Apps
2011-06-08 20:01 . 2011-06-08 20:01 -------- d-----w- c:\users\Hody\AppData\Roaming\Malwarebytes
2011-06-08 20:01 . 2011-06-08 20:01 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 20:01 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 19:28 . 2011-06-08 19:28 -------- d-----w- c:\users\Hody\AppData\Local\PackageAware
2011-06-02 19:13 . 2011-06-02 23:51 -------- d-----w- c:\users\Hody\AppData\Roaming\Mp3tag
2011-06-02 19:12 . 2011-06-02 19:12 -------- d-----w- c:\program files (x86)\Mp3tag
2011-06-02 12:07 . 2011-06-02 12:07 -------- d-----w- c:\users\Hody\AppData\Roaming\CompanionLink
2011-06-02 11:49 . 2011-06-02 11:49 -------- d-----w- C:\Temp
2011-06-02 11:16 . 2011-06-02 11:36 -------- d-sh--w- c:\users\Hody\Phone Browser
2011-06-02 10:27 . 2011-06-02 10:27 -------- d-----w- c:\users\Hody\AppData\Local\Samsung
2011-06-02 00:01 . 2011-04-27 12:20 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-06-02 00:00 . 2011-06-02 00:00 -------- d-----w- c:\program files (x86)\MarkAny
2011-06-02 00:00 . 2011-04-27 12:19 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-06-02 00:00 . 2011-06-02 00:00 -------- d-----w- c:\users\Hody\AppData\Roaming\Samsung
2011-06-02 00:00 . 2011-06-02 00:01 -------- d-----w- c:\program files (x86)\Samsung
2011-06-02 00:00 . 2011-06-02 00:01 -------- d-----w- c:\programdata\Samsung
2011-06-01 23:59 . 2011-06-19 20:58 -------- d-----w- c:\users\Hody\AppData\Local\Downloaded Installations
2011-06-01 20:19 . 2011-06-22 17:46 -------- d-----w- c:\windows\WindowsMobile
2011-05-27 21:05 . 2011-05-27 21:05 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-26 22:14 . 2011-05-26 22:14 -------- d-----w- c:\program files\Microsoft IntelliPoint
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 17:25 . 2011-05-16 05:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2009-11-23 03:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 18:26 . 2010-08-02 22:16 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-08 21:16 . 2009-12-02 23:08 1152832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 12:19 . 2011-04-27 12:19 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-04-27 12:19 . 2011-04-27 12:19 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-04-27 12:19 . 2011-04-27 12:19 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-04-27 12:19 . 2011-04-27 12:19 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-04-27 12:19 . 2011-04-27 12:19 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-04-27 12:19 . 2011-04-27 12:19 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-04-27 12:19 . 2011-04-27 12:19 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-04-27 12:19 . 2011-04-27 12:19 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2011-04-27 12:19 . 2011-04-27 12:19 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-04-27 12:19 . 2011-04-27 12:19 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-04-27 12:19 . 2011-04-27 12:19 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-04-27 12:19 . 2011-04-27 12:19 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-04-27 12:19 . 2011-04-27 12:19 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-04-27 12:19 . 2011-04-27 12:19 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2011-04-27 12:19 . 2011-04-27 12:19 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2011-04-27 12:19 . 2011-04-27 12:19 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2011-04-27 12:19 . 2011-04-27 12:19 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2011-04-27 12:19 . 2011-04-27 12:19 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2011-04-27 12:19 . 2011-04-27 12:19 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2011-04-27 12:19 . 2011-04-27 12:19 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2011-04-27 12:19 . 2011-04-27 12:19 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2011-04-27 12:19 . 2011-04-27 12:19 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2011-04-27 12:19 . 2011-04-27 12:19 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2011-04-27 12:19 . 2011-04-27 12:19 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2011-04-27 12:19 . 2011-04-27 12:19 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2011-04-27 12:19 . 2011-04-27 12:19 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2011-04-27 12:19 . 2011-04-27 12:19 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2011-04-27 12:19 . 2011-04-27 12:19 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2011-04-22 22:15 . 2011-05-24 17:58 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-19 17:26 . 2011-04-19 17:26 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-04-19 17:26 . 2011-04-19 17:26 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-04-13 13:04 . 2011-04-13 13:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
2011-04-12 11:01 . 2011-04-12 11:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-10 19:07 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-19 16:17 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-10 19:07 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 19:07 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 16:17 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 21:00 . 2011-04-08 21:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-08 21:00 . 2011-04-08 21:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-04-19 11:04 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-19 11:04 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-19 11:04 6974056 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-19 11:04 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-19 11:04 2893416 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-19 11:04 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-19 11:04 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-19 11:04 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-19 11:04 20700264 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2011-04-19 11:04 18578536 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-19 11:04 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-19 11:04 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-19 11:04 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-04-08 05:14 . 2011-04-19 11:04 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2011-04-19 11:04 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2011-03-31 22:33 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-31 22:33 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-03-31 22:33 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2010-04-03 21:55 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2009-09-27 16:12 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2009-09-27 16:12 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-04-03 05:12 . 2010-08-02 22:17 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-03 05:02 . 2010-08-02 22:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-31 18:23 . 2009-12-02 23:08 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-03-31 18:23 . 2010-10-25 07:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrafficMonitor"="c:\progra~2\TRAFFI~1\TRAFFICMONITOR.EXE" [2009-01-22 4684288]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"HijackThis startup scan"="c:\program files (x86)\Trend Micro\HiJackThis\HijackThis.exe" [2010-03-25 388096]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Ad-Watch"="c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" [2011-05-13 1191216]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-11-30 842816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PDFPrint"="c:\program files (x86)\pdf24\pdf24.exe" [2011-04-28 220552]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
.
c:\users\Hody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
android-notifier-desktop.lnk - c:\program files\Android Notifier Desktop\android-notifier-desktop.exe [2010-10-6 608524]
Dropbox.lnk - c:\users\Hody\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
FRITZ!DSL Startcenter.lnk - c:\users\Hody\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2010-9-12 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Hody\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [x]
S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TMPService;TrafficMonitor Packettreiber Initialisierung;c:\program files (x86)\TrafficMonitor\TMPacketServiceInit.exe [2009-01-22 692808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-09-25 720688]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dpK00701;U.are.U® FingerabdruckcLeserUppercTreiber;c:\windows\system32\DRIVERS\dpK00701.sys [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-02 26240]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [x]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [x]
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 usbdpfp;U.are.U® FingerabdruckcLeserUppercTreiber Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - EVERESTDRIVER
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF2540.cfxxe" [X]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-05-11 8126464]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hody.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden
IE: &Alles mit InstantGet runterladen
IE: &Mit FlashGet laden
IE: Acoo Search(&A)
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Mit InstantGet runterla&den
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4BE3C22E-DD3B-4ED6-99DE-3B14815F4953}: NameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1753460692-1045079221-1087798426-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E49AF09-5E03-B304-6A9F-C85BF2D83A5B}*]
"hammakhikaiicllf"=hex:6a,61,62,69,6f,63,6d,6a,66,69,68,63,6b,66,66,6c,69,65,
67,65,00,00
"iacocmajabaohilmib"=hex:63,61,65,69,65,65,00,00
"iagnklhchcploenfdj"=hex:69,61,64,69,61,6b,6e,61,62,66,6e,70,70,6d,69,62,6a,65,
00,77
.
[HKEY_USERS\S-1-5-21-1753460692-1045079221-1087798426-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95B9FF67-AAED-97D9-1AB0-C85F757B9524}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
c:\progra~2\WinTV\TVServer\CAPTUR~3.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-23 23:18:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-23 21:18
.
Vor Suchlauf: 17 Verzeichnis(se), 43.346.432.000 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 43.307.134.976 Bytes frei
.
- - End Of File - - 2A168CEB09CD7F82EFC33E00A0746152
|
| Themen zu Opera / WMP machen sich selbstständig |
| ad-aware, antivir, antivir guard, avira, bho, browser, checkpoint, computer, cursor, desktop, dsl, frage, hijack, hijackthis, internet, internet explorer, makro, mein log, nvidia update, object, performance, plug-in, problem, rundll, s.m.a.r.t., senden, software, starten, syswow64, tastatur, trojaner, windows |
Linear-Darstellung
