29.08.2011, 20:21 | #1
BOO/TDss.M - Removed correctly?

Hi everyone, I had 3 detections of a BOO/TDss.M trojan today and wanted to know whether I did this correctly and caught everything that way. I used Kaspersky TDSSKiller.exe (it ran successfully), then ran a Malwarebytes scan and a scan with OTL, and I'm listing my programs here via CCleaner. I hope this is all correct. Here are the log files:

TDSSKiller.exe
Code:
2011/08/29 20:47:14.0861 2976 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 20:47:14.0970 2976 ================================================================================
2011/08/29 20:47:14.0970 2976 SystemInfo:
2011/08/29 20:47:14.0970 2976
2011/08/29 20:47:14.0970 2976 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/29 20:47:14.0970 2976 Product type: Workstation
2011/08/29 20:47:14.0970 2976 ComputerName: xyz-PC
2011/08/29 20:47:14.0970 2976 UserName: xyz
2011/08/29 20:47:14.0970 2976 Windows directory: C:\Windows
2011/08/29 20:47:14.0970 2976 System windows directory: C:\Windows
2011/08/29 20:47:14.0970 2976 Processor architecture: Intel x86
2011/08/29 20:47:14.0970 2976 Number of processors: 4
2011/08/29 20:47:14.0970 2976 Page size: 0x1000
2011/08/29 20:47:14.0970 2976 Boot type: Normal boot
2011/08/29 20:47:14.0970 2976 ================================================================================
2011/08/29 20:47:15.0609 2976 Initialize success
2011/08/29 20:47:32.0988 0284 ================================================================================
2011/08/29 20:47:32.0988 0284 Scan started
2011/08/29 20:47:32.0988 0284 Mode: Manual;
2011/08/29 20:47:32.0988 0284 ================================================================================
2011/08/29 20:47:34.0673 0284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/29 20:47:34.0719 0284 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/29 20:47:34.0766 0284 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/29 20:47:34.0782 0284 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/29 20:47:34.0813 0284 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/29 20:47:34.0891 0284 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/29 20:47:44.0953 0284 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/29 20:47:44.0969 0284 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/08/29 20:47:45.0015 0284 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/29 20:47:45.0031 0284 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/29 20:47:45.0062 0284 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/29 20:47:45.0125 0284 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/29 20:47:45.0234 0284 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/29 20:47:45.0296 0284 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/29 20:47:45.0343 0284 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/29 20:47:45.0405 0284 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/08/29 20:47:45.0452 0284 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/29 20:47:45.0530 0284 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/08/29 20:47:45.0577 0284 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
2011/08/29 20:47:45.0593 0284 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/29 20:47:45.0593 0284 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/29 20:47:45.0608 0284 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/29 20:47:45.0624 0284 Boot (0x1200) (8e518e86d4c6892b147552d245558dc1) \Device\Harddisk2\DR2\Partition0
2011/08/29 20:47:45.0624 0284 Boot (0x1200) (b79ff65abb679da9ed9daed7d4405511) \Device\Harddisk0\DR0\Partition0
2011/08/29 20:47:45.0671 0284 Boot (0x1200) (dfbd99dc3846a0b88b4bd3e506e5ee29) \Device\Harddisk0\DR0\Partition1
2011/08/29 20:47:45.0702 0284 Boot (0x1200) (d980eeb82e20d32de6071a2245c434a8) \Device\Harddisk1\DR1\Partition0
2011/08/29 20:47:45.0717 0284 ================================================================================
2011/08/29 20:47:45.0717 0284 Scan finished
2011/08/29 20:47:45.0717 0284 ================================================================================
2011/08/29 20:47:45.0733 3088 Detected object count: 1
2011/08/29 20:47:45.0733 3088 Actual detected object count: 1
2011/08/29 20:47:57.0995 3088 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/29 20:47:57.0995 3088 \Device\Harddisk0\DR0 - ok
2011/08/29 20:47:57.0995 3088 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/29 20:48:04.0937 0880 Deinitialize success

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7606

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.08.2011 20:57:31
mbam-log-2011-08-29 (20-57-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169943
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\xyz\AppData\Local\KBtzSEx.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\xyz\AppData\Local\onahuboze.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ovure (Trojan.Hiloti) -> Value: Ovure -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Security Protection (Rogue.Spypro) -> Value: Security Protection -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qvituzuzesesuzu (Trojan.Agent.U) -> Value: Qvituzuzesesuzu -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\xyz\AppData\Local\KBtzSEx.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\pdfforge toolbar\IE\1.1.2\pdfforgetoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\Users\xyz\AppData\Local\onahuboze.dll (Trojan.Agent.U) -> Delete on reboot.

Code:
OTL logfile created on: 29.08.2011 21:02:52 - Run 1
OTL by OldTimer - Version 3.2.26.6     Folder = C:\Users\xyz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,06% Memory free
4,23 Gb Paging File | 2,83 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 18,99 Gb Free Space | 9,72% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: xyz-PC | User Name: xyz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xyz\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Razer\Lachesis\razerhid.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Razer\Lachesis\razerofa.exe (Razer Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Razer\Lachesis\razerhid.exe () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) DRV - (PinnacleStargate) -- C:\Windows\System32\drivers\Stargate.sys (Pinnacle Systems GmbH) DRV - (FXUSBASE) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin) DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin) DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\xyz\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.16 23:06:23 | 000,000,000 | ---D | M] [2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xyz\AppData\Roaming\mozilla\Extensions [2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xyz\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions [2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xyz\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.11 18:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.27 22:58:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\xyz\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.16 23:58:36 | 000,435,771 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 14998 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\xyz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\xyz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun 
File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{7e9f5347-4376-11df-a88f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7e9f5347-4376-11df-a88f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2006.11.02 22:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.29 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.29 21:01:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\xyz\Desktop\OTL.exe [2011.08.29 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Roaming\Malwarebytes [2011.08.29 20:51:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.29 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.29 20:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.29 20:51:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.29 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.29 20:46:13 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xyz\Desktop\TDSSKiller.exe [2011.08.29 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.24 21:13:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.08.10 13:21:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.10 13:21:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.10 13:21:45 | 001,383,424 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.10 13:21:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.08.10 13:21:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.10 13:21:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.10 13:21:45 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.08.10 13:21:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.10 13:21:38 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.10 13:21:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.08.01 15:08:14 | 000,679,936 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr [2011.08.01 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime [2011.08.01 15:08:10 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Local\Screentime [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.29 21:04:32 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xyz\Desktop\OTL.exe [2011.08.29 20:59:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.29 20:59:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.29 20:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.29 20:59:18 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2011.08.29 20:56:26 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.29 20:56:26 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2011.08.29 20:56:26 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.29 20:56:26 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.29 20:51:54 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\xyz\AppData\Local\Uzudahubimu.dat [2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\xyz\AppData\Local\Jbetuyoyamuza.bin [2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job [2011.08.26 00:36:34 | 000,061,775 | ---- | M] () -- C:\Users\xyz\.recently-used.xbel [2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xyz\Desktop\TDSSKiller.exe [2011.08.16 00:06:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.08.07 20:33:03 | 000,325,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.08.01 20:14:35 | 136,149,320 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.01 15:08:14 | 000,679,936 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.29 21:04:32 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.29 20:51:54 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.29 20:37:02 | 000,000,120 | ---- | C] () -- C:\Users\xyz\AppData\Local\Uzudahubimu.dat [2011.08.29 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\xyz\AppData\Local\Jbetuyoyamuza.bin [2011.08.29 20:35:00 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys [2011.08.26 00:36:34 | 000,061,775 | ---- | C] () -- C:\Users\xyz [2011.07.15 18:49:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.07.15 18:49:11 | 000,117,248 | ---- | C] () -- 
C:\Windows\System32\EhStorAuthn.dll [2011.07.15 17:55:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.07.14 15:54:35 | 000,000,552 | ---- | C] () -- C:\Users\xyz\AppData\Local\d3d8caps.dat [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2010.08.11 02:36:47 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\EACC5DED12.sys [2010.08.11 02:36:46 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.07.11 18:21:09 | 000,036,334 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010.07.09 20:24:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010.06.24 12:44:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.06.14 17:17:10 | 006,863,597 | ---- | C] () -- C:\Program Files\Bildschi.scr [2010.06.14 17:17:10 | 000,233,319 | ---- | C] () -- C:\Program Files\deinstallation Bildschi.exe [2010.04.12 13:55:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.09 05:40:20 | 000,093,184 | ---- | C] () -- C:\Users\xyz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.09 04:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.04.09 04:05:30 | 000,000,115 | ---- | C] () -- C:\Windows\telephon.ini [2010.04.09 03:47:05 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys [2010.04.09 03:34:22 | 000,001,356 | ---- | C] () -- C:\Users\xyz\AppData\Local\d3d9caps.dat [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 
000,325,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > Code:
OTL Extras logfile created on: 29.08.2011 21:02:52 - Run 1
OTL by OldTimer - Version 3.2.26.6     Folder = C:\Users\xyz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,06% Memory free
4,23 Gb Paging File | 2,83 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 18,99 Gb Free Space | 9,72% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: xyz-PC | User Name: xyz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04DF4E42-AF66-4132-A098-F5FB10F3DF9E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe | "{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{13BD4702-F925-4802-9CC4-C68FB7E79C76}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{1D1E5415-9011-4459-9A91-726EEE8E83F4}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe | "{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{3DECA71D-449F-406A-9C0D-A44B5BA30613}" = protocol=17 | dir=in | app=c:\program files\world of 
warcraft\launcher.patch.exe | "{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow.exe | "{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{581798FB-D282-4941-9E34-2A4B4A99ABAA}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{5C7028CC-1911-440E-A223-E4D79410CB49}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyz\counter-strike source\hl2.exe | "{8AB8473E-B904-41CF-8054-6BA6F30BA611}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5B5B223-C722-48CF-8633-5FE03BD5296E}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C137B168-2868-4BD5-B9D4-1A7711D6CF5F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyz\counter-strike source\hl2.exe | "{D271445B-BE19-43FE-A126-9DA6BEA9F934}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe | "TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = LuminanceHDR 2.0.2-pre1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"EADM" = EA Download Manager
"EWE TEL" = EWE TEL-Installationsdateien entfernen
"FRITZ! 2.0" = AVM FRITZ!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"LA Noire" = LA Noire Bildschirmschoner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSI Live Update 3" = MSI Live Update 3
"My Screen Saver" = My Screen Saver
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"ProgDVB" = ProgDVB
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.06.2011 16:27:58 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.06.2011 16:45:16 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 01.06.2011 16:45:16 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 01.06.2011 16:45:20 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 01.06.2011 16:45:20 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 01.06.2011 16:45:23 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 02.06.2011 09:36:01 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.06.2011 09:36:01 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.06.2011 15:04:23 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
Error - 02.06.2011 15:04:28 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
[ System Events ]
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 13:38:03 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.08.2011 14:36:20 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
Error - 29.08.2011 14:50:12 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
Error - 29.08.2011 15:00:28 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Code:
Adobe Flash Player 10 Plugin  Adobe Systems Incorporated  15.08.2011  10.3.183.5
Adobe Flash Player ActiveX  Adobe Systems Incorporated  08.06.2010  9.0.124.0
Adobe Reader 9.2 - Deutsch  Adobe Systems Incorporated  08.04.2010  239MB  9.2.0
Amazon MP3-Downloader 1.0.9  19.07.2011  2,56MB
Apple Application Support  Apple Inc.  15.07.2011  51,0MB  1.5.2
Apple Mobile Device Support  Apple Inc.  15.07.2011  22,1MB  3.4.1.2
Apple Software Update  Apple Inc.  15.07.2011  2,38MB  2.1.3.127
Avira AntiVir Personal - Free Antivirus  Avira GmbH  09.08.2011  96,2MB  10.2.0.700
AVM FRITZ!  08.04.2010  19,3MB
Bamboo  Wacom Technology Corp.  16.01.2011  29,7MB  5.2.4-5
Bonjour  Apple Inc.  15.07.2011  0,77MB  2.0.5.0
BrettspielWelt  26.09.2010  0,68MB
Call of Duty(R) 4 - Modern Warfare(TM)  Activision  08.07.2010  6.386MB  1.00.0000
Canon MP Navigator 3.0  08.04.2010  17,7MB
Canon MP510  08.04.2010
CCleaner  Piriform  28.08.2011  4,02MB  3.10
CDBurnerXP  CDBurnerXP  11.04.2010  12,0MB  4.3.0.2054
Corel Painter X  Corel Corporation  22.01.2011  303MB
Counter-Strike: Source  Valve  07.11.2010  3.844MB  1.0.0.0
Diablo II  10.07.2010  1.798MB
Die Sims™ 3  Electronic Arts  09.06.2010  5.618MB  1.12.70
Dragon Age: Origins  Electronic Arts, Inc.  30.09.2010  18.618MB  1.00
DVDFab 7.0.6.7 (30/05/2010)  Fengtao Software Inc.  30.05.2010  37,6MB
EA Download Manager  Electronic Arts, Inc.  08.06.2010  7,96MB  5.0.0.255
EWE TEL-Installationsdateien entfernen  08.04.2010
GIMP 2.6.8  11.04.2010  98,6MB
IrfanView (remove only)  08.04.2010  1,85MB
iTunes  Apple Inc.  15.07.2011  144,0MB  10.3.1.55
Java(TM) 6 Update 21  Sun Microsystems, Inc.  26.09.2010  95,0MB  6.0.210
LA Noire Bildschirmschoner  31.07.2011
LEGO® Star Wars™: Die Komplette Saga  LucasArts  06.01.2011  4.445MB  1.00.0000
LuminanceHDR 2.0.2-pre1  LuminanceHDR Dev Team  26.01.2011  64,5MB
Malwarebytes' Anti-Malware Version 1.51.1.1800  Malwarebytes Corporation  28.08.2011  6,71MB  1.51.1.1800
Mass Effect 2  Electronic Arts, Inc.  30.09.2010  14.111MB  1.00
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU  Microsoft Corporation  14.07.2011  37,0MB
Microsoft .NET Framework 3.5 SP1  Microsoft Corporation  19.04.2010  27,8MB
Microsoft .NET Framework 4 Client Profile  Microsoft Corporation  14.07.2011  120,3MB  4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack  Microsoft Corporation  14.07.2011  24,5MB  4.0.30319
Microsoft Office Home and Student 2007  Microsoft Corporation  14.07.2011  297MB  12.0.6425.1000
Microsoft Visual C++ 2005 Redistributable  Microsoft Corporation  14.07.2011  0,29MB  8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  Microsoft Corporation  30.07.2010  0,23MB  9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  Microsoft Corporation  11.04.2010  0,58MB  9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  Microsoft Corporation  14.07.2011  0,58MB  9.0.30729.6161
Microsoft WSE 3.0 Runtime  Microsoft Corp.  08.06.2010  0,92MB  3.0.5305.0
Mozilla Firefox 6.0 (x86 de)  Mozilla  17.08.2011  34,5MB  6.0
MSI Live Update 3  08.04.2010  7,10MB
My Screen Saver  13.06.2010
NVIDIA 3D Vision Controller-Treiber 275.33  NVIDIA Corporation  13.07.2011  0,41MB  275.33
NVIDIA 3D Vision Treiber 275.33  NVIDIA Corporation  13.07.2011  21,8MB  275.33
NVIDIA Grafiktreiber 275.33  NVIDIA Corporation  13.07.2011  40,9MB  275.33
NVIDIA PhysX-Systemsoftware 9.10.0514  NVIDIA Corporation  13.07.2011  73,3MB  9.10.0514
NVIDIA Update 1.3.5  NVIDIA Corporation  13.07.2011  6,37MB  1.3.5
PDF-Viewer  Tracker Software Products Ltd  08.04.2010  27,7MB  2.0.49.0
PDFCreator  Frank Heindörfer, Philip Chinery  23.06.2010  25,6MB  1.0.1
pdfforge Toolbar v1.1.2  Spigot, Inc.  23.06.2010  4,99MB  1.1.2
ProgDVB  22.06.2010  42,9MB
QuickTime  Apple Inc.  15.07.2011  73,7MB  7.69.80.9
Razer Lachesis  Razer USA Ltd.  11.07.2011  14,7MB  1.00.0000
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista  Realtek  08.04.2010  0,70MB  1.00.0000
Realtek High Definition Audio Driver  Realtek Semiconductor Corp.  08.04.2010  15,4MB  6.0.1.5473
Spybot - Search & Destroy  Safer Networking Limited  05.05.2011  59,0MB  1.6.2
Star Wars Battlefront II  LucasArts  06.01.2011  4.405MB  1.0
StarCraft II  Blizzard Entertainment  23.04.2011  9.482MB  1.3.2.18317
Steam(TM)  Valve  07.11.2010  16,6MB  1.0.0.0
System Requirements Lab  13.07.2011  1,07MB
Team Fortress 2  Valve  13.07.2011  802MB
TeamSpeak 2 RC2  Dominating Bytes Design  30.05.2010  2.0.32.60
TeamSpeak 3 Client  TeamSpeak Systems GmbH  30.07.2010  27,7MB
VLC media player 1.0.5  VideoLAN Team  08.04.2010  76,1MB  1.0.5
WebTablet IE Plugin  Wacom Technology Corp.  16.01.2011  1.1.0.7
WebTablet Netscape Plugin  Wacom Technology Corp.  16.01.2011  0,82MB  1.1.0.5
Windows Live Essentials  Microsoft Corporation  09.09.2010  43,7MB  14.0.8117.0416
Windows Live Sign-in Assistant  Microsoft Corporation  09.09.2010  1,93MB  5.000.818.5
Windows Live Upload Tool  Microsoft Corporation  09.09.2010  0,22MB  14.0.8014.1029
WinFast(R) Display Driver  Your Company Name  08.04.2010  4,88MB  1.00.000
WinRAR  11.04.2010  3,79MB
World of Warcraft  Blizzard Entertainment  16.07.2011  25.762MB  4.2.0.14333
regards hoshy
30.08.2011, 07:08 | #2 |
/// Helper Team | BOO/TDss.M - Removed correctly? Hello and welcome!
Before we begin working together, [please read in full]: Quote:
Quote:
For Vista and Win7: Important: run all commands as Administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Uninstall under `Start → Control Panel...` Code:
pdfforge Toolbar - adware toolbar
Always choose the custom installation, not the standard installation, because the latter often installs things along with it that you neither need nor want. Always read the licence terms during installation and do not tick every box right away, because by doing so you consent to adware (advertising pop-ups) from partner programs, sponsors etc. being installed alongside, since that is how freeware finances itself. Several others belong in this category, e.g.: -> Uninstall unwanted toolbars
2. Quote:
3. ** Update Malwarebytes Anti-Malware and run it again following these instructions:
4. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It is NOT sensible to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info via wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the internet - don't forget WLAN. When the scan is finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner
5. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
6. Your Java version is not current! Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 26 from Oracle. Make sure to deselect any toolbars offered (remove the tick next to the toolbar)!
7. Update Adobe Reader: - Pay attention and read along during installation: if any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for Updates..."
8. Clean your system with CCleaner:
9. Another scan with OTL:
Quote:
Quote:
** Stay off the internet as far as possible, no online banking, file sharing, chat programs etc. regards kira
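Step 5 of the post above rests on one idea: mbr.exe -t reads sector 0 once from user mode and once at kernel level and reports "user & kernel MBR OK" only when both agree, because a bootkit hooking the disk stack hides its patched loader by handing user mode a clean copy. The script below is an added example, not code from this thread or from Gmer's tool; it performs that comparison plus a partition-table sanity check on two 512-byte images, and the sector images, loader bytes and partition layout are constructed sample data (the hooked disk is simulated by passing two different images).

```python
"""MBR user-vs-kernel comparison and partition-table sanity check.
Added example, not from the thread or from Gmer's mbr.exe. A bootkit that
hooks the disk stack hands user-mode readers a clean sector 0 while the real
sector (what a kernel-level read returns) carries the patched loader, so
comparing the two is what mbr.exe -t summarises as "user & kernel MBR OK".
Every sector image below is constructed sample data.
"""
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PT_OFFSET = 446      # partition table: 4 entries of 16 bytes
SIG_OFFSET = 510     # boot signature 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of the classic four-slot partition table."""
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if type_id == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, type_id, lba_start, sector_count))
    return parts


def check_mbr(user_read: bytes, kernel_read: bytes) -> dict:
    """Compare the two views of sector 0 and sanity-check the kernel view."""
    findings = []
    for name, img in (("user", user_read), ("kernel", kernel_read)):
        if len(img) != SECTOR_SIZE:
            findings.append(f"{name} read is {len(img)} bytes, expected {SECTOR_SIZE}")
        elif img[SIG_OFFSET:] != b"\x55\xaa":
            findings.append(f"{name} MBR lacks the 55AA boot signature")
    if findings:
        return {"ok": False, "findings": findings, "partitions": []}
    # Core check: both reads must agree byte for byte. Report which region
    # differs; a bootkit typically patches the loader code and leaves the
    # partition table alone so that the system still boots normally.
    if user_read[:PT_OFFSET] != kernel_read[:PT_OFFSET]:
        findings.append("bootstrap code differs between user and kernel read")
    if user_read[PT_OFFSET:SIG_OFFSET] != kernel_read[PT_OFFSET:SIG_OFFSET]:
        findings.append("partition table differs between user and kernel read")
    parts = parse_partition_table(k := kernel_read) if False else parse_partition_table(kernel_read)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p.lba_start == 0:
            findings.append(f"partition {p.index} starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p.lba_start, p.lba_start + p.sector_count, p.index) for p in parts)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partitions {idx_a} and {idx_b} overlap")
    return {"ok": not findings, "findings": findings, "partitions": parts}


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a sector image from loader bytes and (bootable, type, lba, count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, type_id, lba_start, sector_count) in enumerate(partitions):
        off = PT_OFFSET + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = type_id
        struct.pack_into("<II", sector, off + 8, lba_start, sector_count)
    sector[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a loader prologue in the style of the standard Windows
# MBR, a 100 MB active NTFS partition and a second NTFS partition behind it.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfbb90400")
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600000)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, PARTITIONS)

# Simulated hooked disk: the kernel-level read shows replaced loader bytes
# while user mode is still handed CLEAN_MBR (placeholder bytes, not a real bootkit).
PATCHED_BOOT_CODE = bytes.fromhex("ebfe") + b"\x90" * 30
BOOTKIT_KERNEL_VIEW = build_sample_mbr(PATCHED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for label, user_view, kernel_view in (("clean disk", CLEAN_MBR, CLEAN_MBR),
                                          ("hooked disk", CLEAN_MBR, BOOTKIT_KERNEL_VIEW)):
        result = check_mbr(user_view, kernel_view)
        print(label + ":", "user & kernel MBR OK" if result["ok"] else "MBR SUSPICIOUS")
        for finding in result["findings"]:
            print("  -", finding)
        for p in result["partitions"]:
            print(f"  slot {p.index}: type 0x{p.type_id:02x} active={p.bootable} lba={p.lba_start} sectors={p.sector_count}")
```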
30.08.2011, 15:28 | #3 |
| BOO/TDss.M - Removed correctly? 1. Done - no idea where that came from..
2. Done. 3. Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7609
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
30.08.2011 13:18:52
mbam-log-2011-08-30 (13-18-52).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 393169
Laufzeit: 1 Stunde(n), 20 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
5. Didn't work that way: Code:
mbr.exe -t > C:\mbr.log & C:\mbr.log
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HD501LJ rev.CR100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x82C6411B] -> \Device\Harddisk0\DR0[0x85620AC8]
3 CLASSPNP[0x891A88B3] -> nt!IofCallDriver[0x82C6411B] -> [0x852CA918]
5 acpi[0x88A506BC] -> nt!IofCallDriver[0x82C6411B] -> \Device\Ide\IdeDeviceP3T0L0-3[0x852CB398]
kernel: MBR read successfully
user & kernel MBR OK
6. Java uninstalled. No new version installed. I don't use it anyway. If it is needed after all, I will get a current version.
7. Up to date again. But I don't really use Adobe Reader either, rather PDF-XChange Viewer. Updated that too.
8. Done. Quite a bit accumulated.. Code:
REINIGUNG komplett - (34.587 Sek)
------------------------------------------------------------------------------------------
716MB entfernt.
9. OTL.txt OTL Logfile: Code:
OTL logfile created on: 30.08.2011 13:55:12 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,30% Memory free
4,23 Gb Paging File | 3,03 Gb Available in Paging File | 71,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 19,78 Gb Free Space | 10,13% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 74,76 Gb Free Space | 50,16% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
PRC - [2011.08.18 01:04:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 02:23:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 23:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.08.27 07:10:20 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Lachesis\razerofa.exe
========== Modules (No Company Name) ==========
MOD - [2011.08.18 01:04:08 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.08.16 00:06:45 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
========== Win32 Services (SafeList) ==========
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.02.24 10:27:26 | 000,196,669 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
========== Driver Services (SafeList) ==========
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.29 01:31:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 01:31:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.08.08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007.06.25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:57 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2006.04.03 09:39:54 | 000,129,920 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Stargate.sys -- (PinnacleStargate)
DRV - [2003.11.19 01:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2003.02.24 10:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.30 13:44:59 | 000,000,000 | ---D | M] [2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Extensions [2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions [2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.30 13:41:52 | 000,000,000 | ---D | 
M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SCHOORMANN\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.08.29 21:18:13 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - 
Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14995 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.30 13:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.08.30 13:43:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.29 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.29 21:01:50 | 
000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe [2011.08.29 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Malwarebytes [2011.08.29 20:51:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.29 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.29 20:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.29 20:51:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.29 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.29 20:46:13 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe [2011.08.29 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.24 21:13:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.08.10 13:21:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.10 13:21:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.10 13:21:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.10 13:21:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.08.10 13:21:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.10 13:21:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.10 13:21:45 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.08.10 13:21:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.10 13:21:38 | 003,602,832 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ntkrnlpa.exe [2011.08.10 13:21:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.08.01 15:08:14 | 000,679,936 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr [2011.08.01 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime [2011.08.01 15:08:10 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\Screentime [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.30 13:53:56 | 000,000,416 | ---- | M] () -- C:\cc_20110830_135354.reg [2011.08.30 13:53:45 | 000,000,550 | ---- | M] () -- C:\cc_20110830_135343.reg [2011.08.30 13:53:34 | 000,000,990 | ---- | M] () -- C:\cc_20110830_135331.reg [2011.08.30 13:53:19 | 000,041,464 | ---- | M] () -- C:\cc_20110830_135303.reg [2011.08.30 13:41:51 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.30 13:41:51 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.30 13:41:51 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.30 13:41:51 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.30 13:37:48 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.08.30 13:36:55 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.30 13:36:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.30 13:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.30 13:36:48 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2011.08.30 13:24:33 | 000,302,592 | ---- | M] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe [2011.08.29 21:04:32 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe 
[2011.08.29 20:51:54 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat [2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin [2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job [2011.08.26 00:36:34 | 000,061,775 | ---- | M] () -- C:\Users\Schoormann\.recently-used.xbel [2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe [2011.08.16 00:06:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.08.07 20:33:03 | 000,325,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.08.01 15:08:14 | 000,679,936 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.30 13:53:55 | 000,000,416 | ---- | C] () -- C:\cc_20110830_135354.reg [2011.08.30 13:53:44 | 000,000,550 | ---- | C] () -- C:\cc_20110830_135343.reg [2011.08.30 13:53:33 | 000,000,990 | ---- | C] () -- C:\cc_20110830_135331.reg [2011.08.30 13:53:09 | 000,041,464 | ---- | C] () -- C:\cc_20110830_135303.reg [2011.08.30 13:44:12 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.08.30 13:38:22 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.08.30 13:25:10 | 000,302,592 | ---- | C] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe [2011.08.29 21:04:32 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.29 20:51:54 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.29 20:37:02 | 000,000,120 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat 
[2011.08.29 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin [2011.08.29 20:35:00 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys [2011.08.26 00:36:34 | 000,061,775 | ---- | C] () -- C:\Users\Schoormann\.recently-used.xbel [2011.07.15 18:49:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.07.15 18:49:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.07.15 17:55:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.07.14 15:54:35 | 000,000,552 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d8caps.dat [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2010.08.11 02:36:47 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\EACC5DED12.sys [2010.08.11 02:36:46 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.07.11 18:21:09 | 000,036,334 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010.07.09 20:24:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010.06.24 12:44:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.04.12 13:55:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.09 05:40:20 | 000,093,184 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.09 04:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.04.09 04:05:30 | 000,000,115 | ---- | C] () -- C:\Windows\telephon.ini [2010.04.09 03:47:05 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys [2010.04.09 03:34:22 | 000,001,356 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d9caps.dat [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 
17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,325,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.07.20 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Amazon [2010.09.27 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\BSW [2010.04.12 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canneverbe Limited [2010.08.27 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canon [2010.04.09 04:37:20 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\FRITZ! 
[2011.08.26 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\gtk-2.0
[2011.06.17 03:17:24 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\IrfanView
[2011.08.30 13:51:55 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\TS3Client
[2011.08.30 13:36:03 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job
========== Purity Check ==========
< End of report >

Extras.txt OTL Logfile:
OTL Extras logfile created on: 30.08.2011 13:55:12 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,30% Memory free
4,23 Gb Paging File | 3,03 Gb Available in Paging File | 71,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 19,78 Gb Free Space | 10,13% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 74,76 Gb Free Space | 50,16% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04DF4E42-AF66-4132-A098-F5FB10F3DF9E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe | "{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{1D1E5415-9011-4459-9A91-726EEE8E83F4}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe | "{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of 
warcraft\wow.exe | "{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{581798FB-D282-4941-9E34-2A4B4A99ABAA}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe | "{8AB8473E-B904-41CF-8054-6BA6F30BA611}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5B5B223-C722-48CF-8633-5FE03BD5296E}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C137B168-2868-4BD5-B9D4-1A7711D6CF5F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe | "{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe | "TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X 
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = LuminanceHDR 2.0.2-pre1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: 
Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSW" = BrettspielWelt "CCleaner" = CCleaner "Diablo II" = Diablo II "DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010) "EADM" = EA Download Manager "EWE TEL" = EWE TEL-Installationsdateien entfernen "FRITZ! 2.0" = AVM FRITZ! "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "LA Noire" = LA Noire Bildschirmschoner "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de) "MP Navigator 3.0" = Canon MP Navigator 3.0 "MSI Live Update 3" = MSI Live Update 3 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pen Tablet Driver" = Bamboo "ProgDVB" = ProgDVB "StarCraft II" = StarCraft II "Steam App 440" = Team Fortress 2 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.0.5 "Wacom WebTabletPlugin for 
IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.06.2011 16:27:58 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.06.2011 15:04:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 02.06.2011 15:04:28 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 30.08.2011 05:24:51 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 05:40:31 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:22:31 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:31:09 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:34:23 | Computer Name = Schoormann-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 
30.08.2011 um 13:33:01 unerwartet heruntergefahren. Error - 30.08.2011 07:35:34 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:37:58 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10005 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7009 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > - What are the next steps? And how can I protect myself better in future? Should I switch to a full-price suite such as Kaspersky instead? Regards, hoshy |
31.08.2011, 07:00 | #4 |
/// Helper Team | BOO/TDss.M - Removed correctly? 1. Fix with OTL
Code:
:OTL
[2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin
:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
3.
4. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. Such media must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the medium with the free online scanner is very well suited and recommended for this. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - You can also disable the AUTORUN function altogether. ►Instructions -> Then run a complete system check with ESET Online Scanner (NOD32), Free Online Scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► Report again on the state of the computer. Do problems still occur, and if so, which ones?
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
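An added example, not code from the thread or from the helper's instructions: a PowerShell audit of the AutoRun settings that step 4 refers to. It reads the NoDriveTypeAutoRun policy value (0xFF disables AutoRun for every drive type), the cdrom service's AutoRun value that OTL reports as "O32 - HKLM CDRom: AutoRun", and lists removable or optical drives carrying an autorun.inf in their root; the -Fix switch is this script's own option and writes the restrictive policy value.

```powershell
# Added example (not part of the thread): audit the Windows AutoRun settings that
# step 4 is about, and report autorun.inf files on removable/optical media.
# Requires PowerShell 3 or later; run from an elevated prompt. -Fix writes the
# restrictive policy value.
[CmdletBinding()]
param(
    [switch]$Fix
)

# NoDriveTypeAutoRun is a bit mask of drive types for which AutoRun is suppressed;
# 0xFF (255) covers every drive type. Explorer honours the machine policy and the
# per-user policy, so both keys are checked.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
# AutoRun value of the cdrom service; OTL prints it as "O32 - HKLM CDRom: AutoRun".
$CdromKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'

function Get-AutoRunPolicy {
    # One object per policy key. Value $null means the entry is absent, i.e. the
    # Windows default applies and AutoRun is not restricted by policy.
    foreach ($key in $PolicyKeys) {
        $value = $null
        if (Test-Path -Path $key) {
            $item = Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
            if ($item) { $value = [int]$item.NoDriveTypeAutoRun }
        }
        [pscustomobject]@{
            Key      = $key
            Value    = $value
            Hardened = ($value -eq 0xFF)
        }
    }
}

function Get-RemovableAutorunInf {
    # Removable (DriveType 2) and optical (DriveType 5) drives whose root carries an
    # autorun.inf. Worm.Win32.Autorun-style malware drops such a file, usually with
    # the hidden attribute set, to get launched when the medium is opened.
    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 5 } |
        ForEach-Object {
            $inf = Join-Path -Path $_.DeviceID -ChildPath 'autorun.inf'
            if (Test-Path -LiteralPath $inf) {
                $file = Get-Item -LiteralPath $inf -Force
                [pscustomobject]@{
                    Drive   = $_.DeviceID
                    Hidden  = (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                    Bytes   = $file.Length
                    Content = (Get-Content -LiteralPath $inf -Raw)
                }
            }
        }
}

function Set-AutoRunDisabled {
    # Writes NoDriveTypeAutoRun = 0xFF under both policy keys, creating them if needed.
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

# --- report ---
$policy = Get-AutoRunPolicy
$policy | Format-Table -AutoSize

$cdAutoRun = (Get-ItemProperty -Path $CdromKey -Name 'AutoRun' -ErrorAction SilentlyContinue).AutoRun
"cdrom service AutoRun = $cdAutoRun (1 = enabled; OTL shows this as 'O32 - HKLM CDRom: AutoRun')"

$infs = @(Get-RemovableAutorunInf)
if ($infs.Count -gt 0) {
    "autorun.inf present on removable/optical media; inspect the content before trusting the medium:"
    $infs | Format-List
} else {
    "no autorun.inf on removable/optical media"
}

if ($Fix) {
    Set-AutoRunDisabled
    "NoDriveTypeAutoRun set to 0xFF; sign out and back in for Explorer to pick it up."
    Get-AutoRunPolicy | Format-Table -AutoSize
} elseif (@($policy | Where-Object { -not $_.Hardened }).Count -gt 0) {
    "AutoRun is not disabled for all drive types; re-run with -Fix from an elevated prompt."
}
```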
31.08.2011, 11:17 | #5 |
| BOO/TDss.M - Removed correctly? 1. Code:
ATTFilter All processes killed ========== OTL ========== C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Schoormann ->Temp folder emptied: 51552292 bytes ->Temporary Internet Files folder emptied: 6942672 bytes ->Java cache emptied: 2400 bytes ->FireFox cache emptied: 283263029 bytes ->Flash cache emptied: 3090483 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 329,00 mb OTL by OldTimer - Version 3.2.26.6 log created on 08312011_120341 Files\Folders moved on Reboot... Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2011 12:11:37 - Run 3 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Schoormann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,00% Memory free 4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 82,06 Gb Free Space | 42,02% Space Free | Partition Type: NTFS Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 424,68 Gb Free Space | 45,59% Space Free | Partition Type: NTFS Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe PRC - [2011.08.18 01:04:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 02:23:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media 
Player\wmpnetwk.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.18 23:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2007.08.27 07:10:20 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Lachesis\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2011.08.18 01:04:08 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.05.20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe ========== Win32 Services (SafeList) ========== SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - 
[2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2003.02.24 10:27:26 | 000,196,669 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.29 01:31:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 01:31:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom 
Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.08.08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr) DRV - [2007.06.25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:57 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2006.04.03 09:39:54 | 000,129,920 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Stargate.sys -- (PinnacleStargate) DRV - [2003.11.19 01:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2003.02.24 10:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ) DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.30 17:21:48 | 000,000,000 | ---D | M] [2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Extensions [2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions [2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.30 13:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SCHOORMANN\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2000.01.01 03:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.08.29 21:18:13 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14995 more lines... 
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.31 12:03:41 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.31 00:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.08.30 22:12:13 | 000,000,000 | ---D | C] -- 
< End of report >

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2011 12:11:37 - Run 3 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Schoormann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,00% Memory free 4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 82,06 Gb Free Space | 42,02% Space Free | Partition Type: NTFS Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 424,68 Gb Free Space | 45,59% Space Free | Partition Type: NTFS Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe | "{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe | "{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow.exe | "{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 
2\masseffect2launcher.exe | "{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe | "{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe | "{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe | "TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo 
ii\game.exe | "UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software 
Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA 
Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Diablo II" = Diablo II "EADM" = EA Download Manager "FRITZ! 2.0" = AVM FRITZ! 
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de) "MP Navigator 3.0" = Canon MP Navigator 3.0 "MSI Live Update 3" = MSI Live Update 3 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pen Tablet Driver" = Bamboo "StarCraft II" = StarCraft II "Steam App 440" = Team Fortress 2 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.1.11 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 01.06.2011 16:45:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.06.2011 09:36:01 | Computer Name = 
Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 02.06.2011 15:04:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 02.06.2011 15:04:28 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227 Description = Error - 03.06.2011 10:31:21 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.06.2011 10:31:21 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 30.08.2011 07:35:34 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:37:58 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10005 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7009 Description = Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7000 Description = Error - 30.08.2011 11:20:15 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 30.08.2011 16:01:10 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 31.08.2011 05:58:18 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = Error - 31.08.2011 06:03:42 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7034 Description = Error - 31.08.2011 06:07:18 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016 Description = < End of report > - The rest will follow shortly.. |
31.08.2011, 12:07 | #6 |
| BOO/TDss.M - Removed correctly? 3. Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/31/2011 at 01:05 PM Application Version : 5.0.1118 Core Rules Database Version : 7624 Trace Rules Database Version: 5436 Scan type : Complete Scan Total Scan Time : 00:42:41 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC Off - Administrator Memory items scanned : 625 Memory threats detected : 0 Registry items scanned : 37547 Registry threats detected : 0 File items scanned : 51105 File threats detected : 2 Adware.Tracking Cookie acvs.mediaonenetwork.net [ D:\DOKUMENTE UND EINSTELLUNGEN\SCHOORMANN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BCUWCNHZ ] D:\DOKUMENTE UND EINSTELLUNGEN\SCHOORMANN\COOKIES\SCHOORMANN@ATWOLA[1].TXT More logs will follow as soon as they're done. |
31.08.2011, 13:36 | #7 |
| BOO/TDss.M - Removed correctly? The ESET scanner is still running.. it's taking quite a while. How could I format the D:\ partition? It doesn't work via system management. No access possible. Would I have to boot from the Vista CD and delete D:\ there? It's actually nonsense that old junk is stored there.. |
31.08.2011, 17:32 | #8 |
| BOO/TDss.M - Removed correctly? ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=ded0ff27d450db439cba443374305389 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-31 12:58:58 # local_time=2011-08-31 02:58:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 92875 51329546 35721 0 # compatibility_mode=5892 16776638 100 95 4037027 152321818 0 0 # compatibility_mode=8192 67108863 100 0 99 99 0 0 # scanned=207733 # found=1 # cleaned=1 # scan_time=6447 D:\Dokumente und Einstellungen\Schoormann\Eigene Dateien\eMule - Kopie\eMule\Incoming\Crack\ProcessWatch.exe probably a variant of Win32/TrojanDropper.Delf.ECUIPRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C As I said, I'd still like to format the partition afterwards. Otherwise Vista seems to be clean again?! Am I seeing that right? The computer feels the same as always.. Regards Hoshy I still have one small problem.. Somehow the font in my mail program has changed; that wasn't the case before the fixing and repairing.. The green boxes show the correct font, the red one shows what is new and imho wrong: |
01.09.2011, 05:37 | #9 |
/// Helper Team | BOO/TDss.M - Removed correctly? Then please do the following now!: Since installing pirated software is a pretty sure way to infect a computer, I'm afraid you can only solve your problem 100% by reinstalling your system. This is about: Code:
ATTFilter D:\Dokumente und Einstellungen\Schoormann\Eigene Dateien\eMule - Kopie\eMule\Incoming\Crack\ProcessWatch.exe ** In a case like this you should reconsider your consumption habits. Because your behaviour in this matter is subject to German law, support from our side ends at this point. So it's best that you back up your data (without cracks & keygens!) and do a complete reinstall of the computer; that is the quickest and cleanest solution! But at least after a reinstall you will have a clean system again, and hopefully you've learned something from this and will keep your hands off... in future -> Forum rule!
__________________ Warning!: Beware of invoices sent by email with a ZIP file as attachment! It may be infected with an encryption trojan! Don't open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
01.09.2011, 12:30 | #10 |
| BOO/TDss.M - Removed correctly? Aha, great how my posts were read... my question about formatting wasn't answered either.. As if I could just format the HDD like that.. tsk tsk.. then the thing would have been gone... |
02.09.2011, 04:36 | #11 |
/// Helper Team | BOO/TDss.M - Removed correctly? Do you mean this question?: your hard drive will be completely formatted by that
02.09.2011, 08:16 | #12 |
| BOO/TDss.M - Removed correctly? So, the active partition I work, surf and do everything else on is partition C:\, which has Vista on it. Partition D:\ is 6 - 7 years old. XP is on it. I haven't worked with it in ages (about 4 years). And until now I had no real idea what was still on it. But I can't simply format the disk via Management->Disk Management. An error message always appears, something like "the system partition cannot be formatted." So I would have to do it some other way.. Probably via the Vista CD and the boot menu? Right? I have no illegal software whatsoever on my Vista partition.. no cracks or any other nonsense. I have always been very careful about what I do on my PC. So I feel a bit snapped at regarding my "consumption habits". regards hoshy |
02.09.2011, 16:13 | #13 |
/// Helper Team | BOO/TDss.M - Removed correctly? Boot from the Windows CD and select the desired partition