Pests of all kinds and how to fight them: OjL.exe Virus(SPYWARE)? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
28.06.2011, 16:38 | #1 |
| OjL.exe Virus(SPYWARE)? Hello, I think I caught a virus today (no idea from where). In Task Manager there is always a process open, e.g. OjL6146.exe. The letters/numbers after OjL keep changing, because when I close it the process is back about 2 minutes later, just with a different combination of numbers. It shows itself in that, for example, YouTube videos or streams I watch hang more and have problems buffering, and in general my PC has been a bit jerky since then. The file path, where the exe and a TMP file are located, is Users\Mathias\AppData\Local\Temp. Here is a screenshot: hxxp://imageshack.us/photo/my-images/11/asdcwn.png/ Now I would like to know how to get rid of this virus. Regards. I apologize in advance, since I have only just registered and still have to find my way around here, because I think I'm in the wrong topic.
28.06.2011, 16:39 | #2 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? hiho
no, here is fine

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
28.06.2011, 17:10 | #3 |
| OjL.exe Virus(SPYWARE)? OTL.txt
OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2011 17:49:00 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Mathias\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free 7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 247,29 Gb Free Space | 86,90% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mathias\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Mathias\AppData\Local\Temp\NAK10B.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Mathias\AppData\Roaming\Cooq\adgif.exe (TODO: <Company name>) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) ========== Modules (SafeList) ========== MOD - C:\Users\Mathias\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys () DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys () DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1572109169-418036727-2730823058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKU\S-1-5-21-1572109169-418036727-2730823058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKU\S-1-5-21-1572109169-418036727-2730823058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.06.28 17:04:52 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.22 17:08:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.25 19:44:46 | 000,000,000 | ---D | M] [2011.06.13 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2011.06.23 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\wqju49zt.default\extensions [2011.06.13 21:12:56 | 000,002,497 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\wqju49zt.default\searchplugins\SearchResults.xml [2011.06.13 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.06.28 17:04:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011.04.21 01:20:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.21 01:20:52 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.21 01:20:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.06.13 21:12:56 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml [2011.04.21 01:20:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.21 01:20:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.18 23:35:54 | 000,001,161 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site O1 - Hosts: 78.47.251.150 Playstar ARENAN # misleading site O1 - Hosts: 78.47.251.150 
easyanticheat.com # misleading site O1 - Hosts: 78.47.251.150 www.easyanticheat.com [8] # misleading site O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site O1 - Hosts: 78.47.251.150 Search Results for "easyanticheat.org" # misleading site O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1572109169-418036727-2730823058-1000..\Run: [{85D36F69-13DB-B228-1A89-2DAA43DD8FAA}] C:\Users\Mathias\AppData\Roaming\Cooq\adgif.exe (TODO: <Company name>) O4 - HKU\S-1-5-21-1572109169-418036727-2730823058-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-21-1572109169-418036727-2730823058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) MsConfig:64bit - StartUpFolder: C:^Users^Mathias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk - C:\Program Files (x86)\PowerStrip\PStrip.exe - (EnTech Taiwan) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - File not found MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer
Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.06.28 17:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011.06.28 17:05:19 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.06.28 17:05:19 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.06.28 17:05:15 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.06.28 17:05:15 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.06.28 17:05:14 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.06.28 17:05:14 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.06.28 17:05:14 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.06.28 17:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.06.28 17:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.06.28 17:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.06.28 17:04:51 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.06.28 17:04:51 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.06.28 17:04:44 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.06.28 17:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.06.28 16:52:43 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.06.28 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.28 16:48:46 | 
000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.06.28 16:46:38 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.06.28 16:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.06.28 16:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.06.28 16:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.06.28 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.06.28 15:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.06.28 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2011.06.28 11:42:16 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Ezefoq [2011.06.28 11:42:16 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Cooq [2011.06.28 11:42:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Adobe [2011.06.25 02:21:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2011.06.24 18:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2011.06.18 13:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auxiliary Power [2011.06.17 21:33:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Documents\Webcam [2011.06.14 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Ventrilo [2011.06.13 21:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.06.12 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit [2011.06.12 20:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTFEdit [2011.06.12 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\gtk-2.0 [2011.06.12 19:23:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\.thumbnails [2011.06.12 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Documents\gegl-0.0 [2011.06.12 18:40:10 | 
000,000,000 | ---D | C] -- C:\Users\Mathias\.gimp-2.6 [2011.06.12 18:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.06.12 18:39:57 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2011.06.12 08:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ESL Wire Game Client [2011.06.12 08:46:27 | 000,179,616 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.06.12 08:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire [2011.06.12 08:46:21 | 000,000,000 | ---D | C] -- C:\Programme\EslWire [2011.06.12 08:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2011.06.12 02:54:07 | 000,000,000 | ---D | C] -- C:\Windows\ehome [2011.06.12 02:52:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.06.11 21:10:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Mozilla [2011.06.11 21:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.06.11 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.06.11 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Diagnostics [2011.06.11 19:23:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AMD [2011.06.11 19:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.06.11 19:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.06.11 19:23:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.06.11 19:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.06.11 19:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center [2011.06.11 19:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2011.06.11 19:23:11 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys 
[2011.06.11 19:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.06.11 19:21:24 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.06.11 19:20:42 | 000,000,000 | ---D | C] -- C:\ATI [2011.06.11 19:14:20 | 000,000,000 | ---D | C] -- C:\AMD [2011.06.11 18:51:32 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.11 18:42:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics [2011.06.11 18:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.06.11 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Opera [2011.06.11 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Opera [2011.06.11 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2011.06.11 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\WinRAR [2011.06.11 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.06.11 18:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.06.11 18:31:46 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2011.06.11 18:31:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerStrip [2011.06.11 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerStrip [2011.06.11 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011.06.11 18:22:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\TS3Client [2011.06.11 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011.06.11 18:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2011.06.11 18:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Steam [2011.06.11 18:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.06.11 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Mozilla [2011.06.11 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Musik [2011.06.11 18:02:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2011.06.11 18:02:28 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2011.06.11 18:02:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2011.06.11 18:02:28 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2011.06.11 18:00:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Macromedia [2011.06.11 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Adobe [2011.06.11 17:55:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.06.11 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\ATI [2011.06.11 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ATI [2011.06.11 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Hewlett-Packard [2011.06.11 17:53:54 | 000,000,000 | R--D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.06.11 17:53:54 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Searches [2011.06.11 17:53:54 | 000,000,000 | R--D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.06.11 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Identities [2011.06.11 17:53:44 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Contacts [2011.06.11 17:53:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\VirtualStore [2011.06.11 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Hewlett-Packard_Company [2011.06.11 17:53:28 | 000,000,000 | ---D | C] -- 
C:\Users\Mathias\AppData\Roaming\hpqlog [2011.06.11 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\HP TCS [2011.06.11 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Hewlett-Packard [2011.06.11 17:47:13 | 000,000,000 | --SD | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Videos [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Saved Games [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Pictures [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Music [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Links [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Favorites [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Downloads [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Documents [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\Desktop [2011.06.11 17:47:13 | 000,000,000 | R--D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Vorlagen [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\AppData\Local\Verlauf [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\AppData\Local\Temporary Internet Files [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Startmenü [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\SendTo [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Recent [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Netzwerkumgebung [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Lokale Einstellungen [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- 
C:\Users\Mathias\Documents\Eigene Videos [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Documents\Eigene Musik [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Eigene Dateien [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Documents\Eigene Bilder [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Druckumgebung [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Cookies [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\AppData\Local\Anwendungsdaten [2011.06.11 17:47:13 | 000,000,000 | -HSD | C] -- C:\Users\Mathias\Anwendungsdaten [2011.06.11 17:47:13 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData [2011.06.11 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Temp [2011.06.11 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager [2011.06.11 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Microsoft [2011.06.11 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Media Center Programs [2011.06.11 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Programme [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.06.11 17:47:01 
| 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.06.11 17:47:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.06.11 17:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2011.06.11 17:23:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services [2011.06.11 17:10:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2011.06.11 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2011.06.11 17:07:00 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2011.06.11 17:06:19 | 000,436,224 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll [2011.06.11 17:06:19 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll [2011.06.11 17:06:18 | 012,158,464 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl [2011.06.11 17:06:18 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe [2011.06.11 17:06:18 | 000,160,768 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll [2011.06.11 17:06:18 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll [2011.06.11 17:06:17 | 003,593,216 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2011.06.11 17:06:17 | 000,450,048 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe [2011.06.11 17:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2011.06.11 17:05:38 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll [2011.06.11 17:05:36 | 000,487,936 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys [2011.06.11 17:05:35 | 001,431,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll [2011.06.11 17:05:35 | 000,604,672 | ---- | C] (IDT, Inc.) 
-- C:\Windows\SysNative\stapi64.dll [2011.06.11 17:05:35 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll [2011.06.11 17:05:27 | 000,000,000 | ---D | C] -- C:\Programme\IDT [2011.06.11 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros [2011.06.11 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2011.06.11 17:04:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.06.11 17:04:27 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2011.06.11 17:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.06.11 17:04:13 | 000,036,408 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys [2011.06.11 17:04:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.06.11 17:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2011.06.11 17:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron [2011.06.11 17:03:38 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2011.06.11 17:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics [2011.06.11 17:01:16 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.06.11 16:56:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch ========== Files - Modified Within 30 Days ========== [2011.06.28 17:48:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.28 17:48:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.28 17:47:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.28 17:47:35 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.28 17:47:35 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.28 17:47:35 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.28 17:47:35 | 
000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.28 17:41:36 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.06.28 17:41:04 | 000,349,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.28 17:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.28 17:40:49 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2011.06.28 17:34:32 | 000,326,975 | ---- | M] () -- C:\Users\Mathias\Desktop\asd.jpg [2011.06.28 17:05:20 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.06.28 17:05:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.06.28 17:04:57 | 000,001,218 | ---- | M] () -- C:\Users\Mathias\Desktop\Spybot - Search & Destroy.lnk [2011.06.28 16:52:42 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.06.28 16:48:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.28 16:46:38 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.06.28 15:55:31 | 000,000,967 | ---- | M] () -- C:\Users\Mathias\Desktop\SpeedFan.lnk [2011.06.28 15:55:30 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2011.06.27 21:15:46 | 006,459,648 | ---- | M] () -- C:\Users\Mathias\Desktop\84131781.mp3 [2011.06.27 12:59:44 | 000,030,746 | ---- | M] () -- C:\Users\Mathias\.recently-used.xbel [2011.06.26 13:14:31 | 000,008,982 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\PStrip.ini [2011.06.25 18:34:56 | 000,003,532 | ---- | M] () -- C:\Users\Mathias\Desktop\09607d885f001bdce3ae8cb84258b2fb64e5e2f6_full.jpg [2011.06.25 18:02:35 | 000,029,636 | ---- | M] () -- C:\Users\Mathias\Desktop\cfg.rar [2011.06.24 22:42:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.06.24 13:52:09 | 000,008,982 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\PStrip.bak [2011.06.19 07:31:58 | 000,000,056 | -H-- | M] () -- 
C:\Windows\SysWow64\ezsidmv.dat [2011.06.19 07:31:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.06.13 23:34:17 | 000,151,440 | ---- | M] () -- C:\Users\Mathias\Desktop\desasterrrrrr2.jpg [2011.06.13 13:02:49 | 000,008,982 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\PStrip.bko [2011.06.12 20:39:01 | 000,000,907 | ---- | M] () -- C:\Users\Mathias\Desktop\VTFEdit.lnk [2011.06.12 18:40:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.06.12 08:46:26 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2011.06.11 21:10:47 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.11 20:15:49 | 000,001,241 | ---- | M] () -- C:\Users\Mathias\Desktop\notepad - Verknüpfung.lnk [2011.06.11 19:12:26 | 000,000,881 | ---- | M] () -- C:\Users\Mathias\Desktop\Services.lnk [2011.06.11 18:32:01 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011.06.11 18:31:49 | 000,000,997 | ---- | M] () -- C:\Users\Mathias\Desktop\WinRAR.lnk [2011.06.11 18:25:07 | 000,001,790 | ---- | M] () -- C:\Users\Mathias\Desktop\Counter-Strike Source.lnk [2011.06.11 18:21:38 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.06.11 18:18:38 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011.06.11 18:00:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.11 17:58:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2011.06.11 17:47:55 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF94742MT_E572195-041_4A_I3637_SQuanta_V33.22_F.08_T091015_WU3-0_L407_M4093_J320_7AMD_8F62_92.00_#110611_N10EC8168;168C002B_(VV880EA#ABD)_XMOBILE_CN10_Z.MRK [2011.06.11 17:47:55 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6 Notebook 
PC_Y5335KV_0U_QCNF94742MT_E572195-041_4A_I3637_SQuanta_V33.22_F.08_T091015_WU3-0_L407_M4093_J320_7AMD_8F62_92.00_#110611_N10EC8168;168C002B_(VV880EA#ABD)_XMOBILE_CN10_Z.MRK [2011.06.11 17:46:31 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.06.11 17:46:31 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.06.11 17:03:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf ========== Files Created - No Company Name ========== [2011.06.28 17:41:36 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.06.28 17:34:32 | 000,326,975 | ---- | C] () -- C:\Users\Mathias\Desktop\asd.jpg [2011.06.28 17:05:20 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.06.28 17:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011.06.28 17:04:57 | 000,001,218 | ---- | C] () -- C:\Users\Mathias\Desktop\Spybot - Search & Destroy.lnk [2011.06.28 16:48:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.28 16:46:38 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.06.28 15:55:31 | 000,000,967 | ---- | C] () -- C:\Users\Mathias\Desktop\SpeedFan.lnk [2011.06.28 15:55:30 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2011.06.27 21:15:46 | 006,459,648 | ---- | C] () -- C:\Users\Mathias\Desktop\84131781.mp3 [2011.06.27 12:59:44 | 000,030,746 | ---- | C] () -- C:\Users\Mathias\.recently-used.xbel [2011.06.25 18:34:55 | 000,003,532 | ---- | C] () -- C:\Users\Mathias\Desktop\09607d885f001bdce3ae8cb84258b2fb64e5e2f6_full.jpg [2011.06.25 18:02:35 | 000,029,636 | ---- | C] () -- C:\Users\Mathias\Desktop\cfg.rar [2011.06.24 22:42:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.06.19 07:31:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.06.13 23:34:16 | 000,151,440 | ---- | C] () -- 
C:\Users\Mathias\Desktop\desasterrrrrr2.jpg [2011.06.12 20:39:01 | 000,000,907 | ---- | C] () -- C:\Users\Mathias\Desktop\VTFEdit.lnk [2011.06.12 18:40:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.06.12 08:46:26 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2011.06.12 02:54:50 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml [2011.06.11 21:10:47 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.11 20:15:49 | 000,001,241 | ---- | C] () -- C:\Users\Mathias\Desktop\notepad - Verknüpfung.lnk [2011.06.11 19:31:24 | 000,008,982 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PStrip.bko [2011.06.11 19:29:35 | 000,008,982 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PStrip.bak [2011.06.11 19:12:55 | 000,008,982 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PStrip.ini [2011.06.11 19:12:26 | 000,000,881 | ---- | C] () -- C:\Users\Mathias\Desktop\Services.lnk [2011.06.11 18:32:01 | 000,001,801 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.06.11 18:32:01 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011.06.11 18:31:49 | 000,000,997 | ---- | C] () -- C:\Users\Mathias\Desktop\WinRAR.lnk [2011.06.11 18:31:30 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys [2011.06.11 18:25:07 | 000,001,790 | ---- | C] () -- C:\Users\Mathias\Desktop\Counter-Strike Source.lnk [2011.06.11 18:21:38 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.06.11 18:18:38 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.06.11 18:00:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.11 17:54:04 | 000,001,405 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.06.11 17:53:55 | 000,001,439 | ---- | C] () -- 
C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.06.11 17:49:32 | 000,002,202 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [2011.06.11 17:47:55 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF94742MT_E572195-041_4A_I3637_SQuanta_V33.22_F.08_T091015_WU3-0_L407_M4093_J320_7AMD_8F62_92.00_#110611_N10EC8168;168C002B_(VV880EA#ABD)_XMOBILE_CN10_Z.MRK [2011.06.11 17:47:55 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF94742MT_E572195-041_4A_I3637_SQuanta_V33.22_F.08_T091015_WU3-0_L407_M4093_J320_7AMD_8F62_92.00_#110611_N10EC8168;168C002B_(VV880EA#ABD)_XMOBILE_CN10_Z.MRK [2011.06.11 17:04:27 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2011.06.11 17:03:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf [2011.06.11 16:58:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.06.11 16:58:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.06.11 16:56:11 | 3218,235,392 | -HS- | C] () -- C:\hiberfil.sys [2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.10.01 20:57:46 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.10.01 18:46:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- 
| C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.06.28 11:42:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cooq [2011.06.28 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ezefoq [2011.06.27 12:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\gtk-2.0 [2011.06.11 18:32:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Opera [2011.06.28 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client [2011.06.28 17:41:36 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009.07.14 07:08:49 | 000,008,946 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.06.28 11:42:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Adobe [2011.06.11 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ATI [2011.06.28 11:42:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cooq [2011.06.28 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ezefoq [2011.06.27 12:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\gtk-2.0 [2011.06.11 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Hewlett-Packard [2011.06.11 17:49:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\HP TCS [2011.06.11 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\hpqlog [2011.06.11 17:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Identities [2011.06.11 18:00:05 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Macromedia [2011.06.12 02:54:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Media Center Programs [2011.06.28 17:08:07 | 000,000,000 | --SD | M] -- C:\Users\Mathias\AppData\Roaming\Microsoft [2011.06.11 21:10:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mozilla [2011.06.11 18:32:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Opera [2011.06.28 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client [2011.06.14 22:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ventrilo [2011.06.11 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.06.15 21:54:53 | 000,137,216 | ---- | M] (TODO: <Company name>) -- C:\Users\Mathias\AppData\Roaming\Cooq\adgif.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.06.2011 17:49:00 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Mathias\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free 7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 247,29 Gb Free Space | 86,90% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1572109169-418036727-2730823058-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not 
found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F870E-BCF6-F19F-A154-B3488407F467}" = ccc-utility64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6C30F9EF-5032-925C-1905-D87E8472EB85}" = ATI Catalyst Install Manager "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A97CD0A7-2DF5-EDA0-4FF7-A3BF6CAE771B}" = AMD Fuel "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E34038BB-5358-3890-B5C8-37C5FE817806}" = WMV9/VC-1 Video Playback "CCleaner" = CCleaner "ESL Wire_is1" = ESL Wire 1.9.7 "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver "{5AFBC2F3-D3F5-660A-A2AD-CAD3E8EDA1D7}" = CCC Help English 
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{63953BA4-7F92-98F7-B99D-FEB4B7BF6905}" = Catalyst Control Center Localization All "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7753A3B2-E858-F0B3-3DD9-C027B16CBB81}" = Catalyst Control Center InstallProxy "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR 
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{E2616F7B-9E5B-7B21-EDB0-5659A5A4DDA1}" = Catalyst Control Center Graphics Previews Common "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup "{FEF90494-3911-A844-2622-545BD4008231}" = Catalyst Pro Control Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "avast" = avast! 
Free Antivirus "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "Opera 11.11.2109" = Opera 11.11 "PowerStrip 3 (remove only)" = PowerStrip 3 (remove only) "SpeedFan" = SpeedFan (remove only) "TeamSpeak 3 Client" = TeamSpeak 3 Client "VTFEdit_is1" = VTFEdit 1.2.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 8193 Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {17e691cc-8ac2-4426-ace5-9401e912ab91} Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 12346 Description = Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. " aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können. 
Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 13 Description = Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {26f3943d-6714-442b-9dd0-7c3df9d4de2d} Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 8193 Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {26f3943d-6714-442b-9dd0-7c3df9d4de2d} Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 13 Description = Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {2422c2e1-b0a9-4cc7-947e-cee014c54719} Error - 12.06.2011 13:05:43 | Computer Name = Mathias-PC | Source = VSS | ID = 8193 Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {2422c2e1-b0a9-4cc7-947e-cee014c54719} Error - 12.06.2011 16:49:51 | Computer Name = Mathias-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4dcc2d22 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4defe148 Ausnahmecode: 0xc0000005 Fehleroffset: 0x753ace49 ID des fehlerhaften Prozesses: 0x12d0 Startzeit der fehlerhaften Anwendung: 0x01cc293856879ff8 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\terrormatze196\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 844475e9-9535-11e0-8b81-00269ea15460 Error - 12.06.2011 18:34:03 | Computer Name = Mathias-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4dcc2d22 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4defe148 Ausnahmecode: 0xc0000005 Fehleroffset: 0x72b3ce49 ID des fehlerhaften Prozesses: 0xbbc Startzeit der fehlerhaften Anwendung: 0x01cc294aed26f797 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\terrormatze196\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 12cc8e6c-9544-11e0-8b81-00269ea15460 Error - 12.06.2011 18:55:55 | Computer Name = Mathias-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4dcc2d22 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4defe148 Ausnahmecode: 0xc0000005 
Fehleroffset: 0x753ace49 ID des fehlerhaften Prozesses: 0x1050 Startzeit der fehlerhaften Anwendung: 0x01cc2950f0af68f2 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\terrormatze196\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 20c9c57a-9547-11e0-8b81-00269ea15460 Error - 12.06.2011 19:58:22 | Computer Name = Mathias-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4dcc2d22 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4defe148 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7244ce49 ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0x01cc295933eb5edb Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\terrormatze196\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: da246ddf-954f-11e0-8b81-00269ea15460 [ System Events ] Error - 24.06.2011 16:43:13 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 24.06.2011 16:43:25 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 24.06.2011 16:43:25 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 24.06.2011 16:43:25 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der 
Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 24.06.2011 16:43:25 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 24.06.2011 20:49:10 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010 Description = Error - 25.06.2011 04:12:17 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 25.06.2011 10:47:18 | Computer Name = Mathias-PC | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 25.06.2011 20:04:18 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010 Description = Error - 26.06.2011 01:45:16 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > |
28.06.2011, 17:14 | #4 |
| OjL.exe Virus(SPYWARE)? double post, sorry Edited by desi :) (28.06.2011 at 17:21) Reason: double post |
28.06.2011, 17:33 | #5 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? Attention! This script, as well as any scripts that may follow, is only for the respective user. If you have problems, open your own topics and wait for scripts adapted for you.
• Please start OTL.exe
• Now copy the following into the text box.
:OTL
PRC - C:\Users\Mathias\AppData\Local\Temp\NAK10B.exe (Microsoft Corporation)
PRC - C:\Users\Mathias\AppData\Roaming\Cooq\adgif.exe (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O4 - HKLM..\Run: [] File not found
:Files
ipconfig /flushdns /c
C:\Users\Mathias\AppData\Local\Temp\NAK10B.exe
C:\Users\Mathias\AppData\Roaming\Cooq
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL; there, right-click on moved files and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
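One way to triage the file-listing entries of an OTL log like the one posted above, as an added example (not part of the thread and not OTL's own logic). The two heuristics, the function names and the last sample entry are assumptions made for illustration; a hit is a lead for a reviewer, not a verdict.

```python
import re
from dataclasses import dataclass

# One OTL file-listing entry looks like:
#   [date time | size | attrs | M or C] (Company) -- path
# Directory entries carry no "(Company)" field. In a pasted log the entries are
# often run together on one line, so the path stops at the next entry, the next
# "< scan >" header, the next "=====" section marker, or end of line.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]\s+"
    r"(?:\((?P<company>[^)]*)\)\s+)?-- (?P<path>.+?)"
    r"(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s+<\s|\s+={5,}|\s*$)",
    re.MULTILINE,
)

# Assumed triage heuristics (not taken from the thread):
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".bat", ".cmd")
PLACEHOLDER_COMPANY = {"", "todo: <company name>"}


@dataclass
class Finding:
    path: str
    reasons: list


def parse_entries(log_text):
    """Return every file/directory entry found in the log text."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        entries.append({
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "company": m["company"],  # None for directory entries
            "path": m["path"],
        })
    return entries


def triage(log_text):
    """Flag executables stored in user-writable profile paths."""
    findings = []
    for e in parse_entries(log_text):
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(EXEC_EXT):
            continue
        if not any(d in low for d in USER_WRITABLE):
            continue
        reasons = ["executable stored in a user-writable profile path"]
        if (e["company"] or "").strip().lower() in PLACEHOLDER_COMPANY:
            reasons.append("vendor field empty or template placeholder")
        findings.append(Finding(e["path"], reasons))
    return findings


# Sample input: the first four entries are copied from the log above, the last
# one is constructed. They are joined on one line, as in the forum paste.
SAMPLE_LOG = " ".join([
    r"========== LOP Check ==========",
    r"[2011.06.28 11:42:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cooq",
    r"[2011.06.12 02:54:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Media Center Programs",
    r"< %APPDATA%\*.exe /s >",
    r"[2011.06.15 21:54:53 | 000,137,216 | ---- | M] (TODO: <Company name>) -- C:\Users\Mathias\AppData\Roaming\Cooq\adgif.exe",
    r"< %SYSTEMDRIVE%\*.exe >",
    r"[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe",
    # constructed entry: a vendor string alone does not clear a file in Temp
    r"[2011.06.28 11:40:00 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Users\Mathias\AppData\Local\Temp\sample.exe",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```
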
28.06.2011, 17:46 | #6 |
| OjL.exe Virus(SPYWARE)? All processes killed ========== OTL ========== No active process named NAK10B.exe was found! No active process named adgif.exe was found! 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Mathias\Downloads\cmd.bat deleted successfully. C:\Users\Mathias\Downloads\cmd.txt deleted successfully. C:\Users\Mathias\AppData\Local\Temp\NAK10B.exe moved successfully. C:\Users\Mathias\AppData\Roaming\Cooq folder moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Mathias ->Flash cache emptied: 983 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mathias ->Temp folder emptied: 61034466 bytes ->Temporary Internet Files folder emptied: 115492 bytes ->Java cache emptied: 24918701 bytes ->FireFox cache emptied: 70012334 bytes ->Opera cache emptied: 131486 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 149,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06282011_183753 Files\Folders moved on Reboot... C:\Users\Mathias\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
28.06.2011, 17:59 | #7 |
/// Malware-holic | OjL.exe Virus(SPYWARE)?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.06.2011, 18:17 | #8 |
| OjL.exe Virus(SPYWARE)? Combofix Logfile: Code:
ATTFilter ComboFix 11-06-27.04 - Mathias 28.06.2011 19:04:46.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4092.2770 [GMT 2:00] ausgeführt von:: c:\users\Mathias\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mathias\AppData\Roaming\Cooq\adgif.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-28 bis 2011-06-28 )))))))))))))))))))))))))))))) . . 2011-06-28 17:09 . 2011-06-28 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-28 16:37 . 2011-06-28 16:43 -------- d-----w- C:\_OTL 2011-06-28 15:05 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-06-28 15:05 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-28 15:05 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-06-28 15:05 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-06-28 15:05 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-06-28 15:05 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-06-28 15:05 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-06-28 15:04 . 2011-06-28 16:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-06-28 15:04 . 2011-06-28 16:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-06-28 15:04 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr 2011-06-28 15:04 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-06-28 15:04 . 2011-06-28 15:04 -------- d-----w- c:\programdata\AVAST Software 2011-06-28 15:04 . 2011-06-28 15:04 -------- d-----w- c:\program files\AVAST Software 2011-06-28 14:52 . 
2011-06-28 14:52 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-28 14:48 . 2011-06-28 14:48 -------- d-----w- c:\program files\CCleaner 2011-06-28 14:46 . 2011-04-29 10:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-06-28 14:46 . 2011-06-28 14:46 -------- d-----w- c:\program files (x86)\Lavasoft 2011-06-28 14:46 . 2011-06-28 14:46 -------- d-----w- c:\programdata\Lavasoft 2011-06-28 13:55 . 2011-06-28 13:55 -------- d-----w- c:\program files (x86)\SpeedFan 2011-06-25 00:21 . 2011-06-25 00:21 -------- d-----w- c:\windows\SysWow64\Adobe 2011-06-24 16:03 . 2011-06-24 16:03 -------- d-----w- c:\program files (x86)\Pando Networks 2011-06-18 11:40 . 2011-06-18 11:45 -------- d-----w- c:\program files (x86)\Auxiliary Power 2011-06-13 19:12 . 2011-06-14 06:15 -------- d-----w- c:\programdata\boost_interprocess 2011-06-12 18:39 . 2011-06-12 18:39 -------- d-----w- c:\program files (x86)\VTFEdit 2011-06-12 16:39 . 2011-06-12 16:40 -------- d-----w- c:\program files\GIMP-2.0 2011-06-12 06:46 . 2011-04-18 10:11 179616 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys 2011-06-12 06:46 . 2011-06-12 06:46 -------- d-----w- c:\program files\EslWire 2011-06-12 06:46 . 2011-06-12 06:46 -------- d-----w- c:\programdata\ESL Wire 2011-06-12 00:54 . 2011-06-12 00:54 -------- d-----w- c:\windows\ehome 2011-06-12 00:54 . 2011-06-12 00:54 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs 2011-06-12 00:54 . 2011-06-11 19:38 -------- d-----r- c:\users\Public\Recorded TV 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\programdata\ATI 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\program files (x86)\AMD APP 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\program files\Common Files\ATI Technologies 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\programdata\AMD 2011-06-11 17:23 . 
2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys 2011-06-11 17:23 . 2011-06-11 17:23 -------- d-----w- c:\program files (x86)\ATI Technologies 2011-06-11 17:21 . 2011-06-11 17:23 -------- d-----w- c:\program files\ATI Technologies 2011-06-11 17:20 . 2011-06-11 17:20 -------- d-----w- C:\ATI 2011-06-11 17:14 . 2011-06-11 17:14 -------- d-----w- C:\AMD 2011-06-11 16:51 . 2011-06-19 05:31 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-11 16:37 . 2011-06-11 16:37 -------- d-----w- c:\program files (x86)\Common Files\Steam 2011-06-11 16:32 . 2011-06-11 16:32 -------- d-----w- c:\program files (x86)\Opera 2011-06-11 16:31 . 2006-09-30 09:36 13008 ----a-w- c:\windows\system32\drivers\pstrip64.sys 2011-06-11 16:31 . 2011-06-11 16:31 -------- d-----w- c:\program files (x86)\PowerStrip 2011-06-11 16:21 . 2011-06-11 16:21 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client 2011-06-11 16:18 . 2011-06-28 17:02 -------- d-----w- c:\program files (x86)\Steam 2011-06-11 16:16 . 2011-05-24 17:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85B9002F-5EA1-4802-B6B5-1D4D3F65D8FA}\mpengine.dll 2011-06-11 16:16 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-06-11 16:02 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll 2011-06-11 16:02 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll 2011-06-11 16:02 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll 2011-06-11 16:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll 2011-06-11 15:43 . 2011-06-11 15:43 -------- d-----w- c:\programdata\Recovery 2011-06-11 15:10 . 2011-06-11 15:10 -------- d-----w- c:\program files (x86)\Common Files\LightScribe 2011-06-11 15:07 . 2011-06-11 15:07 -------- d-----w- c:\windows\Hewlett-Packard 2011-06-11 15:06 . 2009-05-21 21:57 436224 ----a-w- c:\windows\system32\AESTEC64.dll 2011-06-11 15:06 . 
2009-03-02 20:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2011-06-11 15:05 . 2011-06-11 15:05 -------- d-----w- c:\program files (x86)\Atheros 2011-06-11 15:04 . 2011-06-11 15:05 -------- d-----w- c:\programdata\Atheros 2011-06-11 15:04 . 2009-05-23 06:52 215040 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2011-06-11 15:04 . 2009-03-05 22:54 67584 ----a-w- c:\windows\system32\RtNicProp64.dll 2011-06-11 15:04 . 2011-06-11 15:04 -------- d-----w- c:\program files (x86)\Realtek 2011-06-11 15:04 . 2011-06-28 14:46 -------- dc----w- c:\windows\system32\DRVSTORE 2011-06-11 15:04 . 2011-06-11 15:04 -------- d-----w- c:\program files (x86)\AMD 2011-06-11 15:04 . 2009-03-09 04:49 36408 ----a-w- c:\windows\system32\drivers\usbfilter.sys 2011-06-11 15:03 . 2011-06-11 15:03 -------- d-----w- c:\program files (x86)\JMicron 2011-06-11 15:03 . 2011-06-11 15:04 -------- d-----w- c:\program files\DIFX 2011-06-11 15:03 . 2011-06-11 15:03 -------- d-----w- c:\program files\Synaptics 2011-06-11 15:01 . 2011-06-11 15:01 -------- d-----w- c:\program files\ATI . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 15:58 . 2009-10-01 18:57 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll 2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll 2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-04-20 02:07 . 2011-04-20 02:07 795648 ----a-w- c:\windows\system32\aticfx64.dll 2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe 2011-04-20 02:04 . 
2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-04-20 01:49 . 2011-04-20 01:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll 2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll 2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll 2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll 2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll 2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-04-20 01:27 . 2011-04-20 01:27 58880 ----a-w- c:\windows\system32\coinst.dll 2011-04-20 01:23 . 
2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll 2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll 2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll 2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-04-19 20:10 . 2011-04-19 20:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll 2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll 2011-04-19 20:10 . 2011-04-19 20:10 53760 ----a-w- c:\windows\system32\OpenCL.dll 2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-04-19 20:10 . 2011-04-19 20:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll 2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 
365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-28 17152] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 11:19] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.jzip.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\wqju49zt.default\ FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-{85D36F69-13DB-B228-1A89-2DAA43DD8FAA} - c:\users\Mathias\AppData\Roaming\Cooq\adgif.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-06-28 19:14:59 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-06-28 17:14 . Vor Suchlauf: 10 Verzeichnis(se), 265.162.575.872 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 265.047.482.368 Bytes frei . - - End Of File - - 26D3865500143F7E2707B5DCFF199CB8 |
28.06.2011, 18:27 | #9 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? Download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. On the Scanner tab, run a full scan, remove what it finds, and post the log. |
28.06.2011, 18:51 | #10 |
| OjL.exe Virus(SPYWARE)? Malwarebytes' Anti-Malware 1.51.0.1200 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6969 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 28.06.2011 19:51:07 mbam-log-2011-06-28 (19-51-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 293513 Laufzeit: 15 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\svest\3ed979f3b58.exe (Trojan.Downloader) -> Quarantined and deleted successfully. |
28.06.2011, 19:06 | #11 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? Hi, do you do online banking, shopping or anything else important on this PC (privately or for work)? |
28.06.2011, 19:10 | #12 |
| OjL.exe Virus(SPYWARE)? No, why? Is that where I got the virus from, something like that? |
28.06.2011, 19:12 | #13 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? No. But you have one that spies on that kind of thing. Since removing this kind of malware is not 100% reliable, I personally would prefer to back up the data and then set the system up from scratch, i.e. format and reinstall Windows. I'll explain how to do that if needed. After that we'll secure the system properly, which I'll also show you how to do, and then change the passwords. |
28.06.2011, 19:14 | #14 |
| OjL.exe Virus(SPYWARE)? So, supposing I did online banking or something like that, would the virus do something to me then? Just out of interest. |
28.06.2011, 19:15 | #15 |
/// Malware-holic | OjL.exe Virus(SPYWARE)? Yes, spy on you, as I said, but it can do more than that too, e.g. attack websites (DDoS attacks). |