![]() |
|
Log-Analyse und Auswertung: Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
|
![]() | #1 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Hallo zusammen, habe mich angemeldet, da ich zur Zeit nicht formatieren kann und bin über chip.de forum auf diese Seite gestossen. Beim Anmelden bei der Comdirect wurde ich aufgefordert meine TANs einzugeben. Hab darauf Avira Check gemacht und der hat Trojaner gefunden und ich habe auf <entferenen> gedrückt. Danach wurde erschien TAN Abfrage auch nicht mehr, aber ich habe natürlich dennoch bei Bank angerufen um meinen account zu sperren und neue Zugangsdaten zu erhalten. Ich bin hier im Forum schon auf ähnliche Einträge gestossen. Hoffe ihr könnt mir helfen sicherzustellen, dass mein Rechner sauber ist/wird. Kenne mich nicht gross aus mit solchen Sachen. Ich habe auch ebay und paypal account, wo Zahlungsvorgänge ja nicht mit TANs bestätigt werden müssen. Habe diese schon länger nicht genutzt und möchte nun nicht darauf zugreifen, da ich Angst habe das Trojaner noch auf dem Rechner ist. Also erstam nicht anmelden? Oder anmelden und Kennwörter ändern? |
![]() | #2 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden hier die OTL text fileOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 13.07.2011 11:08:50 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Philipp\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,65% Memory free 7,71 Gb Paging File | 5,99 Gb Available in Paging File | 77,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,07 Gb Total Space | 44,41 Gb Free Space | 15,47% Space Free | Partition Type: NTFS Computer Name: PHILIPP-VAIO | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 11:56:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.02 00:39:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.08 14:09:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.04 01:34:28 | 000,000,000 | ---D | M] [2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.05 13:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\unyqh3go.default\extensions [2011.06.26 11:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.04 23:34:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.09.02 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.05.02 00:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.19.16.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.13 11:04:46 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe [2011.07.12 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira [2011.07.12 23:12:50 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.12 23:12:49 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.07.12 21:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.07.12 21:41:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2011.07.06 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\SafeNet Sentinel [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux [2011.06.26 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.06.23 21:37:38 | 000,000,000 | R--D | C] -- C:\Users\Philipp\Dropbox [2011.06.23 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.06.23 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Dropbox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.13 11:04:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe [2011.07.13 09:45:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.13 09:45:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.13 09:45:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.13 09:45:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.13 09:45:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.13 09:45:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.13 09:45:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.13 09:38:01 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.07.13 09:37:52 | 000,437,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.13 09:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.13 09:36:59 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2011.06.26 16:27:32 | 000,111,485 | ---- | M] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf [2011.06.26 16:16:42 | 000,232,743 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf [2011.06.26 16:16:25 | 000,231,501 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf [2011.06.25 12:30:21 | 000,296,676 | ---- | M] () -- C:\Users\Philipp\Desktop\pdfservice.pdf [2011.06.24 21:27:56 | 000,292,678 | ---- | M] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf [2011.06.23 21:37:38 | 000,001,045 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk [2011.06.23 21:34:47 | 000,001,025 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.08 14:09:53 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.06.26 16:27:32 | 000,111,485 | ---- | C] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf [2011.06.26 16:16:42 | 000,232,743 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf [2011.06.26 16:16:25 | 000,231,501 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf [2011.06.25 12:30:21 | 000,296,676 | ---- | C] () -- C:\Users\Philipp\Desktop\pdfservice.pdf [2011.06.24 21:27:56 | 000,292,678 | ---- | C] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf [2011.06.23 21:37:38 | 000,001,045 | ---- | C] () -- C:\Users\Philipp\Desktop\Dropbox.lnk [2011.06.23 21:34:47 | 000,001,025 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.03.13 13:10:18 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.01 20:59:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.08.26 18:08:12 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.25 12:30:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.13 13:36:10 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat [2010.05.20 00:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.19 23:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.05.19 23:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.05.19 23:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.05.19 23:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.05.19 23:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.05.19 23:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2010.05.19 23:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.# [2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich [2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite [2011.07.13 09:40:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech [2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10 [2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera [2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux [2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client [2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP [2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu [2011.05.20 23:35:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2011.07.13 09:36:59 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010.08.25 11:17:06 | 000,723,394 | ---- | M] () -- C:\lv.log [2006.12.01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2011.07.13 09:36:59 | 4141,977,600 | -HS- | M] () -- C:\pagefile.sys [2010.08.13 13:29:58 | 000,002,895 | ---- | M] () -- C:\RHDSetup.log [2010.08.25 11:16:44 | 000,000,073 | -H-- | M] () -- C:\splash.idx [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2010.06.14 16:30:26 | 000,004,112 | -H-- | M] () -- C:\version < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
![]() | #3 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenZitat:
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows. Zitat:
__________________ |
![]() | #4 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Danke für die schnelle Antwort. Formatieren kann/möchte ich nicht, da ich zur Zeit im Ausland bin und sich jegliche Installations CDs (vor allem Word und SPSS) zu Hause befinden. Da ich die beide Programme zum täglichen arbeiten unbedingt benötige, kann ich nich formatieren. Nach dem entfernen habe ich nochmal check mit Anira (Free Version) gemacht und es hat sich - bei mehreren Versuchen - bei 26% immer aufgehänt. Daraufhin hab ich es neu installiert und bekomme das gleiche Problem. Daher kann ich den Namen der Datei leider nicht mehr posten. Alles ein wenig Stümperhaft, ich weis.. |
![]() | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #6 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenCode:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7111 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 13.07.2011 12:27:40 mbam-log-2011-07-13 (12-27-40).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 166936 Laufzeit: 3 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
![]() | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenZitat:
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #8 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Sorry, hat nen bischen gedauert. Heutige Windows Updates haben ewig gedauert zu installieren. Ausserdem ist der Rechner auf einmal extrem langsam geworden. Öffnen von Excel, Word oder selbst pdf's dauert ewig. Thunderbird wollte erst gar nicht mehr... hier das Ergebnis des Scans Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7111 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 13.07.2011 16:37:41 mbam-log-2011-07-13 (16-37-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|) Durchsuchte Objekte: 358797 Laufzeit: 55 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Philipp\AppData\Roaming\Qeux\ogliu.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
![]() | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Wieso installierst du jetzt Windows-Updates? ![]() Man sollte erstmal sich auf eine Sache konzentrieren => Bereinigung! und nicht zwischendruch mitten in der Analyse und Bereinigung irgendwelche Updates aufspielen!
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #10 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden ...automatische Einstellung beim Runterfahren.. |
![]() | #11 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenCode:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: Sony Corporation BIOS Manufacturer: American Megatrends Inc. System Manufacturer: Sony Corporation System Product Name: VPCEB2C5E Logical Drives Mask: 0x00000074 Kernel Drivers (total 192): 0x04055000 \SystemRoot\system32\ntoskrnl.exe 0x0400C000 \SystemRoot\system32\hal.dll 0x00BB7000 \SystemRoot\system32\kdcom.dll 0x00CCE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D1D000 \SystemRoot\system32\PSHED.dll 0x00D31000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00ED9000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F7D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F8C000 \SystemRoot\system32\drivers\ACPI.sys 0x00FE3000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00FEC000 \SystemRoot\system32\drivers\msisadrv.sys 0x00E00000 \SystemRoot\system32\drivers\pci.sys 0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00E40000 \SystemRoot\System32\drivers\partmgr.sys 0x00E55000 \SystemRoot\system32\drivers\compbatt.sys 0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS 0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys 0x00D8F000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys 0x010F9000 \SystemRoot\system32\drivers\iaStor.sys 0x01301000 \SystemRoot\system32\drivers\atapi.sys 0x0130A000 \SystemRoot\system32\drivers\ataport.SYS 0x01334000 \SystemRoot\system32\drivers\amdxata.sys 0x0133F000 \SystemRoot\system32\drivers\fltmgr.sys 0x0138B000 \SystemRoot\system32\drivers\fileinfo.sys 0x0139F000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x0145A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01000000 \SystemRoot\System32\Drivers\msrpc.sys 0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0105E000 \SystemRoot\System32\Drivers\cng.sys 0x0141B000 \SystemRoot\System32\drivers\pcw.sys 0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01695000 \SystemRoot\system32\drivers\ndis.sys 0x01788000 \SystemRoot\system32\drivers\NETIO.SYS 0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01858000 \SystemRoot\System32\drivers\tcpip.sys 0x01A5C000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01AA6000 \SystemRoot\system32\drivers\volsnap.sys 0x01AF2000 \SystemRoot\System32\Drivers\spldr.sys 0x01AFA000 \SystemRoot\System32\drivers\rdyboost.sys 0x01B34000 \SystemRoot\System32\Drivers\mup.sys 0x01B46000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01B4F000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01B89000 \SystemRoot\system32\drivers\disk.sys 0x01B9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x04648000 \SystemRoot\system32\drivers\cdrom.sys 0x04672000 \SystemRoot\System32\Drivers\Null.SYS 0x0467B000 \SystemRoot\System32\Drivers\Beep.SYS 0x04682000 \SystemRoot\System32\drivers\vga.sys 0x04690000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x046B5000 \SystemRoot\System32\drivers\watchdog.sys 0x046C5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x046CE000 \SystemRoot\system32\drivers\rdpencdd.sys 0x046D7000 \SystemRoot\system32\drivers\rdprefmp.sys 0x046E0000 \SystemRoot\System32\Drivers\Msfs.SYS 0x046EB000 \SystemRoot\System32\Drivers\Npfs.SYS 0x046FC000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0471E000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x0472B000 \SystemRoot\system32\drivers\afd.sys 0x047B4000 \SystemRoot\System32\DRIVERS\netbt.sys 0x04400000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x01800000 \SystemRoot\system32\DRIVERS\pacer.sys 0x04409000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x01826000 \SystemRoot\system32\DRIVERS\netbios.sys 0x01835000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x01BDD000 \SystemRoot\system32\drivers\termdd.sys 0x0162B000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x0441F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x01BF1000 \SystemRoot\system32\drivers\mssmbios.sys 0x0167C000 \SystemRoot\System32\drivers\discache.sys 0x01436000 \SystemRoot\System32\Drivers\dfsc.sys 0x017E8000 \SystemRoot\system32\drivers\blbdrive.sys 0x010D0000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x013AC000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x04AD2000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x050F7000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04A46000 \SystemRoot\system32\drivers\HDAudBus.sys 0x04A6A000 \SystemRoot\system32\DRIVERS\HECIx64.sys 0x04A7B000 \SystemRoot\system32\drivers\usbehci.sys 0x03E3A000 \SystemRoot\system32\drivers\USBPORT.SYS 0x05238000 \SystemRoot\system32\DRIVERS\athrx.sys 0x053B5000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x053C2000 \SystemRoot\system32\drivers\sdbus.sys 0x05200000 \SystemRoot\system32\drivers\rimssne64.sys 0x05220000 \SystemRoot\system32\drivers\risdsne64.sys 0x03E90000 \SystemRoot\system32\DRIVERS\yk62x64.sys 0x053E2000 \SystemRoot\system32\drivers\i8042prt.sys 0x03EF5000 \SystemRoot\system32\drivers\kbdclass.sys 0x03F04000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0x03F48000 \SystemRoot\system32\drivers\mouclass.sys 0x03F57000 \SystemRoot\system32\drivers\SFEP.sys 0x03F5A000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x03F70000 \SystemRoot\system32\drivers\CmBatt.sys 0x03F75000 \SystemRoot\system32\drivers\CompositeBus.sys 0x03F85000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03F9B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03FBF000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03FCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x04A8C000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03E1B000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03E35000 \SystemRoot\system32\drivers\swenum.sys 0x054B3000 \SystemRoot\system32\drivers\ks.sys 0x054F6000 \SystemRoot\system32\drivers\umbus.sys 0x05508000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x05562000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x05577000 \SystemRoot\system32\drivers\RtHDMIVX.sys 0x055AA000 \SystemRoot\system32\drivers\portcls.sys 0x05400000 \SystemRoot\system32\drivers\drmk.sys 0x05422000 \SystemRoot\system32\drivers\ksthunk.sys 0x05E8E000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x00040000 \SystemRoot\System32\win32k.sys 0x060A9000 \SystemRoot\System32\drivers\Dxapi.sys 0x060B5000 \SystemRoot\System32\Drivers\crashdmp.sys 0x0442B000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x060C3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x060D6000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x060F3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x060F5000 \SystemRoot\System32\Drivers\usbvideo.sys 0x06123000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys 0x0612D000 \SystemRoot\system32\drivers\hidusb.sys 0x0613B000 \SystemRoot\system32\drivers\HIDCLASS.SYS 0x06154000 \SystemRoot\system32\drivers\HIDPARSE.SYS 0x0615D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0616A000 \SystemRoot\system32\DRIVERS\monitor.sys 0x005C0000 \SystemRoot\System32\TSDDD.dll 0x00640000 \SystemRoot\System32\cdd.dll 0x06178000 \SystemRoot\system32\drivers\luafv.sys 0x0619B000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x061BA000 \SystemRoot\system32\drivers\WudfPf.sys 0x061DB000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x05E00000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x05E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x05E66000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0409C000 \SystemRoot\system32\drivers\HTTP.sys 0x04165000 \SystemRoot\system32\DRIVERS\bowser.sys 0x04183000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0419B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0404E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x066CF000 \SystemRoot\system32\drivers\peauth.sys 0x06775000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06780000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x067B1000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys 0x070C6000 \SystemRoot\System32\DRIVERS\srv.sys 0x0715E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x0701B000 \SystemRoot\System32\Drivers\fastfat.SYS 0x07071000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x0709C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77280000 \Windows\System32\ntdll.dll 0x47E10000 \Windows\System32\smss.exe 0xFF5A0000 \Windows\System32\apisetschema.dll 0xFFF70000 \Windows\System32\autochk.exe 0x77180000 \Windows\System32\user32.dll 0xFF410000 \Windows\System32\urlmon.dll 0xFF390000 \Windows\System32\shlwapi.dll 0xFF1B0000 \Windows\System32\setupapi.dll 0xFF080000 \Windows\System32\rpcrt4.dll 0xFEE20000 \Windows\System32\iertutil.dll 0xFED50000 \Windows\System32\usp10.dll 0xFED20000 \Windows\System32\imm32.dll 0xFECB0000 \Windows\System32\gdi32.dll 0xFEC90000 \Windows\System32\imagehlp.dll 0x77450000 \Windows\System32\normaliz.dll 0xFDF00000 \Windows\System32\shell32.dll 0x77060000 \Windows\System32\kernel32.dll 0xFDDF0000 \Windows\System32\msctf.dll 0xFDBE0000 \Windows\System32\ole32.dll 0xFDB90000 \Windows\System32\ws2_32.dll 0xFDAF0000 \Windows\System32\comdlg32.dll 0xFDA10000 \Windows\System32\oleaut32.dll 0x77440000 \Windows\System32\psapi.dll 0xFD8E0000 \Windows\System32\wininet.dll 0xFD8C0000 \Windows\System32\sechost.dll 0xFD8B0000 \Windows\System32\lpk.dll 0xFD850000 \Windows\System32\Wldap32.dll 0xFD7D0000 \Windows\System32\difxapi.dll 0xFD730000 \Windows\System32\clbcatq.dll 0xFD690000 \Windows\System32\msvcrt.dll 0xFD680000 \Windows\System32\nsi.dll 0xFD5A0000 \Windows\System32\advapi32.dll 0xFD430000 \Windows\System32\crypt32.dll 0xFD3F0000 \Windows\System32\wintrust.dll 0xFD3B0000 \Windows\System32\cfgmgr32.dll 0xFD340000 \Windows\System32\KernelBase.dll 0xFD2A0000 \Windows\System32\comctl32.dll 0xFD280000 \Windows\System32\devobj.dll 0xFD270000 \Windows\System32\msasn1.dll 0x75BB0000 \Windows\SysWOW64\normaliz.dll Processes (total 76): 0 System Idle Process 4 System 312 C:\Windows\System32\smss.exe 480 csrss.exe 536 C:\Windows\System32\wininit.exe 560 csrss.exe 592 C:\Windows\System32\services.exe 628 C:\Windows\System32\lsass.exe 644 C:\Windows\System32\lsm.exe 652 C:\Windows\System32\winlogon.exe 772 C:\Windows\System32\svchost.exe 860 C:\Windows\System32\svchost.exe 948 C:\Windows\System32\atiesrxx.exe 992 C:\Windows\System32\svchost.exe 124 C:\Windows\System32\svchost.exe 324 C:\Windows\System32\svchost.exe 460 C:\Windows\System32\svchost.exe 1120 C:\Windows\System32\svchost.exe 1248 C:\Windows\System32\spoolsv.exe 1276 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1336 C:\Windows\System32\svchost.exe 1448 C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 1584 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1620 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 1672 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 1772 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 1780 C:\Windows\System32\conhost.exe 1804 C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe 1852 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 1940 C:\Windows\System32\atieclxx.exe 1996 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 1720 C:\Windows\System32\taskhost.exe 1836 C:\Windows\System32\taskeng.exe 2036 C:\Windows\System32\dwm.exe 1304 C:\Windows\explorer.exe 2132 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 2148 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe 2216 C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe 2380 WmiPrvSE.exe 2504 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 2772 C:\Program Files\Apoint\Apoint.exe 2832 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2896 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 2928 C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe 2964 C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe 2972 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3008 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3252 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3508 C:\Windows\System32\SearchIndexer.exe 3740 C:\Program Files\Sony\VAIO Power Management\SPMService.exe 3520 WUDFHost.exe 2828 C:\Windows\System32\svchost.exe 2748 C:\Windows\System32\taskeng.exe 2416 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe 2156 C:\Program Files\Apoint\ApMsgFwd.exe 2360 C:\Program Files\Apoint\Apvfb.exe 4364 C:\Program Files\Sony\VAIO Care\VCPerfService.exe 4756 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 4824 C:\Program Files\Windows Media Player\wmpnetwk.exe 1064 C:\Program Files\Sony\VAIO Care\VCsystray.exe 4352 C:\Program Files\Sony\VAIO Care\VCService.exe 1500 C:\Program Files\Sony\VAIO Care\VCAgent.exe 4904 C:\Windows\System32\vds.exe 184 C:\Program Files\Sony\VAIO Care\Admload.exe 4572 C:\Program Files (x86)\Internet Explorer\ielowutil.exe 1928 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4260 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 4600 C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe 4608 C:\Program Files\Sony\VAIO Care\listener.exe 1384 C:\Windows\System32\audiodg.exe 1352 C:\Windows\System32\SearchProtocolHost.exe 1648 C:\Windows\System32\SearchFilterHost.exe 3888 dllhost.exe 356 dllhost.exe 3096 C:\Users\Philipp\Desktop\MBRCheck.exe 5008 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c1800000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
![]() | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Argh...naja, was will man machen... Mach bitte ein neues Custom-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #13 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.07.2011 17:53:32 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Philipp\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,11% Memory free 7,71 Gb Paging File | 5,86 Gb Available in Paging File | 76,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,07 Gb Total Space | 132,65 Gb Free Space | 46,21% Space Free | Partition Type: NTFS Computer Name: PHILIPP-VAIO | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Philipp\Desktop\OTL(1).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 11:56:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.02 00:39:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.08 14:09:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.04 01:34:28 | 000,000,000 | ---D | M] [2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2010.08.28 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.05 13:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\unyqh3go.default\extensions [2011.06.26 11:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.04 23:34:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.09.02 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.05.02 00:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.19.16.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.13 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2011.07.13 12:22:41 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.13 12:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.13 12:22:37 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.13 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.13 11:04:46 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe [2011.07.12 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira [2011.07.12 23:12:50 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.12 23:12:49 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.07.12 23:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.07.12 21:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.07.12 21:41:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2011.07.06 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\SafeNet Sentinel [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux [2011.06.26 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.06.23 21:37:38 | 000,000,000 | R--D | C] -- C:\Users\Philipp\Dropbox [2011.06.23 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.06.23 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Dropbox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.13 16:49:20 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.13 16:49:20 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.13 16:47:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.13 16:47:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.13 16:47:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.13 16:47:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.13 16:47:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.13 16:40:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.07.13 16:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.13 16:40:35 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 15:31:43 | 000,437,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.13 13:08:21 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.13 13:08:21 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.13 12:22:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.13 11:04:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL(1).exe [2011.06.26 16:27:32 | 000,111,485 | ---- | M] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf [2011.06.26 16:16:42 | 000,232,743 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf [2011.06.26 16:16:25 | 000,231,501 | ---- | M] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf [2011.06.25 12:30:21 | 000,296,676 | ---- | M] () -- C:\Users\Philipp\Desktop\pdfservice.pdf [2011.06.24 21:27:56 | 000,292,678 | ---- | M] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf [2011.06.23 21:37:38 | 000,001,045 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk [2011.06.23 21:34:47 | 000,001,025 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.13 12:22:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.08 14:09:53 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.06.26 16:27:32 | 000,111,485 | ---- | C] () -- C:\Users\Philipp\Desktop\NANTES_GARE-PARIS_MONTPARNASSE_1_ET_2_27-08-11_PHILIPP_UEFFING_TWURBH_eATXFuZnTX9GZ9fYKWrE.pdf [2011.06.26 16:16:42 | 000,232,743 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175053TURHZT36285-FhuaOqZD.pdf [2011.06.26 16:16:25 | 000,231,501 | ---- | C] () -- C:\Users\Philipp\Desktop\20110824-SN236175022TURHZT30384-KNlpEsSI.pdf [2011.06.25 12:30:21 | 000,296,676 | ---- | C] () -- C:\Users\Philipp\Desktop\pdfservice.pdf [2011.06.24 21:27:56 | 000,292,678 | ---- | C] () -- C:\Users\Philipp\Desktop\20110822-SN234171622TDWICT30384-zKHh9zHR.pdf [2011.06.23 21:37:38 | 000,001,045 | ---- | C] () -- C:\Users\Philipp\Desktop\Dropbox.lnk [2011.06.23 21:34:47 | 000,001,025 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.03.13 13:10:18 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.01 20:59:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.08.26 18:08:12 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.25 12:30:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.13 13:36:10 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat [2010.05.20 00:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.19 23:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.05.19 23:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.05.19 23:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.05.19 23:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.05.19 23:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.05.19 23:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2010.05.19 23:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.# [2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich [2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite [2011.07.13 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech [2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10 [2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera [2011.07.13 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux [2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client [2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP [2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu [2011.05.20 23:35:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.# [2011.07.12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2010.09.04 23:36:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Academic Software Zurich [2011.06.24 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe [2010.08.25 12:30:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ArcSoft [2010.08.25 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ATI [2011.07.12 23:15:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira [2011.03.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite [2010.09.05 13:03:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DivX [2011.07.13 16:43:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2011.03.24 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\dvdcss [2011.07.12 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2010.08.25 09:37:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Google [2011.05.12 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2010.08.25 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities [2010.08.25 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield [2010.08.25 09:33:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Intel Corporation [2010.09.30 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech [2010.08.25 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia [2011.07.13 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2011.03.29 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MAXQDA10 [2010.05.20 04:02:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs [2011.01.30 20:11:44 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft [2010.08.25 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla [2010.12.01 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Opera [2011.07.13 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Qeux [2011.03.13 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Roxio [2011.07.12 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype [2011.04.03 13:56:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\skypePM [2010.08.27 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client [2010.08.25 09:30:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony Corporation [2010.08.28 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2010.08.26 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP [2010.08.29 01:27:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc [2010.11.16 23:24:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR [2011.06.26 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Yzcu < %APPDATA%\*.exe /s > [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 22:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.10.04 02:31:16 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Yzcu\tiva.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > < End of report > [/CODE] |
![]() | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell - "" = AutoRun O33 - MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\Shell\AutoRun\command - "" = D:\RunGame.exe O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell - "" = AutoRun O33 - MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Efusyc [2011.07.10 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Abfeaf [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Yzcu [2011.06.26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Qeux [2010.08.25 09:37:11 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Roaming\.# :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #15 |
![]() | ![]() Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefundenCode:
ATTFilter ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05bcd8e4-4d55-11e0-94bf-f5b2880f7800}\ not found. File D:\RunGame.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29cff944-b2e3-11df-8ad6-f07bcbe7c36b}\ not found. File "H:\WD SmartWare.exe" autoplay=true not found. C:\Users\Philipp\AppData\Roaming\Efusyc folder moved successfully. C:\Users\Philipp\AppData\Roaming\Abfeaf folder moved successfully. C:\Users\Philipp\AppData\Roaming\Yzcu folder moved successfully. C:\Users\Philipp\AppData\Roaming\Qeux folder moved successfully. C:\Users\Philipp\AppData\Roaming\.# folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 07132011_223726 |
![]() |
Themen zu Comdirect 100 tan Abfrage, Trojaner mit Avira Personal gefunden |
100 tan, account, angemeldet, anmelden, avira, check, chip.de, ebay, einträge, erhalte, formatieren, forum, hallo zusammen, kennwörter, länger, melden, neue, nicht mehr, paypal, personal, rechner, rojaner gefunden, seite, sperren, tan, tans, trojaner, trojaner gefunden, wörter, zusammen, ändern |