|
Plagegeister aller Art und deren Bekämpfung: Trojaner in $recycle.binWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.09.2011, 17:59 | #1 | ||
| Trojaner in $recycle.bin Hatte in den letzten 2-3 Jahren kaum Probleme mit Spyware und Trojanern weil ich mich durchaus zu Usern zählen kann die mit Köpfchen surfen und nicht stur auf links klicken... Jedoch hat mich dan heute ein scan mit Escan stutzig gemacht. Zitat:
Im Web hab ich mich kurz schlau gemacht und gesehen, dass ich nicht der erste bin der im $recycle.bin ordner spyware hat. Wie soll ich nun vorgehen? Zitat:
Geändert von Harn33 (16.09.2011 um 18:40 Uhr) |
17.09.2011, 04:50 | #2 | ||
/// Helfer-Team | Trojaner in $recycle.bin Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
17.09.2011, 18:20 | #3 |
| Trojaner in $recycle.bin danke, malwarebytes habe ich schon im 1. post gepostet
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.09.2011 19:09:11 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Alain\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5.99 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 66.88% Memory free 11.98 Gb Paging File | 9.41 Gb Available in Paging File | 78.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.14 Gb Total Space | 25.72 Gb Free Space | 21.58% Space Free | Partition Type: NTFS Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 22.42 Gb Free Space | 2.41% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Alain | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alain\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe () PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd) PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe () PRC - C:\Program Files (x86)\Gamers.IRC\mirc.exe (mIRC Co. Ltd.) PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.) PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Razer\Lycosa\razertra.exe () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_directx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubtitle_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvobsub_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_float_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_file_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorGerRes.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHOOK.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll () MOD - C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll () MOD - C:\Program Files (x86)\Gamers.IRC\bin\dll\tbwin.dll () MOD - C:\Program Files (x86)\Gamers.IRC\bin\dll\dmu.dll () MOD - C:\Program Files (x86)\Gamers.IRC\bin\dll\systray.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.) DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys () DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 CE 10 D3 AD 70 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.ch" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.5 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.6 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alain\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 09:47:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.02 22:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.14 19:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.10.16 17:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Extensions [2010.10.16 17:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.09 10:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions [2010.02.04 23:57:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011.07.29 16:42:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.07.29 16:42:10 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\info@youtube-mp3.org [2011.08.29 17:36:45 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\netvideohunter@netvideohunter.com [2011.08.28 13:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.07.24 13:54:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.18 13:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.01 00:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.28 13:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\ALAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T8558ADV.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\ALAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T8558ADV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.09.08 09:47:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.19 10:38:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.19 10:38:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.19 10:38:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.19 10:38:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.19 10:38:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.19 10:38:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.16 12:17:34 | 000,000,887 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 q4master.idsoftware.com O1 - Hosts: 127.0.0.1 idnet.ua-corp.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61DD43CE-708E-4CF7-9530-05D419311561}: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74020BD5-2502-4AAB-A78F-2B4124B2B943}: DhcpNameServer = 192.168.201.14 192.168.201.17 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0c0cdad5-0cd0-11df-a625-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{0c0cdad5-0cd0-11df-a625-002618926e02}\Shell\AutoRun\command - "" = 0 O33 - MountPoints2\{4a96950d-e251-11de-ac51-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{4a96950d-e251-11de-ac51-002618926e02}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{7380f583-2744-11de-b7c3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7380f583-2744-11de-b7c3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\{8c7833f4-e1cb-11de-acf9-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{8c7833f4-e1cb-11de-acf9-002618926e02}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.17 19:08:35 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Alain\Desktop\OTL.exe [2011.09.16 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Roaming\Malwarebytes [2011.09.16 18:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.16 18:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.16 18:47:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.16 18:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.16 16:24:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.09.16 16:24:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.09.16 15:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.09.16 15:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.09.16 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2011.09.12 16:46:39 | 000,626,688 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2011.09.12 16:46:39 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.09.12 16:46:38 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.09.12 16:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2011.09.12 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2011.09.10 19:11:18 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps [2011.09.10 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.09.02 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.09.02 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.08.30 16:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.08.30 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.08.30 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.08.28 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Alain\Desktop\gproxy [2011.08.28 13:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.08.28 13:43:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.08.28 13:43:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.08.28 13:43:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.08.24 20:18:30 | 013,601,280 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [1 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.17 19:08:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Alain\Desktop\OTL.exe [2011.09.17 13:36:56 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.17 13:36:56 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.17 13:33:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.17 13:33:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.17 13:33:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.17 13:33:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.17 13:33:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.17 13:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.17 13:29:40 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2011.09.17 13:29:39 | 000,128,876 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.09.16 19:03:17 | 000,331,874 | ---- | M] () -- C:\Users\Alain\Documents\pinfect.zip [2011.09.16 18:47:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.16 16:24:55 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx [2011.09.12 16:49:55 | 000,001,030 | ---- | M] () -- C:\Users\Alain\Desktop\MWAVSCAN.lnk [2011.09.12 16:46:38 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.09.12 16:46:37 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.09.07 19:36:58 | 000,072,654 | ---- | M] () -- C:\Users\Alain\Desktop\Grigorius.jpg [2011.09.06 22:39:30 | 000,017,408 | ---- | M] () -- C:\Users\Alain\AppData\Local\WebpageIcons.db [2011.09.02 22:13:18 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.02 22:12:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.09.02 19:39:40 | 000,073,570 | ---- | M] () -- C:\Users\Alain\Desktop\150838_463238334194_666414194_5602343_6846610_n.jpg [2011.09.02 16:09:05 | 000,000,539 | ---- | M] () -- C:\Users\Alain\Desktop\gproxy.exe.lnk [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.30 17:14:53 | 002,144,486 | ---- | M] () -- C:\Users\Alain\Desktop\IMG_0011.JPG [2011.08.30 16:26:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.30 16:24:36 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2011.08.30 14:26:38 | 001,438,552 | ---- | M] () -- C:\Users\Alain\Desktop\IMG_0015.JPG [2011.08.24 20:19:10 | 000,056,320 | ---- | M] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.08.24 20:18:30 | 013,601,280 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [2011.08.22 15:09:46 | 000,753,005 | ---- | M] () -- C:\Users\Alain\Desktop\ramp.jpg [1 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.16 18:47:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.12 18:19:13 | 000,331,874 | ---- | C] () -- C:\Users\Alain\Documents\pinfect.zip [2011.09.12 16:49:55 | 000,001,030 | ---- | C] () -- C:\Users\Alain\Desktop\MWAVSCAN.lnk [2011.09.12 16:46:54 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx [2011.09.02 22:13:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.09.02 22:13:18 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.02 19:39:39 | 000,073,570 | ---- | C] () -- C:\Users\Alain\Desktop\150838_463238334194_666414194_5602343_6846610_n.jpg [2011.09.02 16:09:05 | 000,000,539 | ---- | C] () -- C:\Users\Alain\Desktop\gproxy.exe.lnk [2011.08.30 17:14:42 | 002,144,486 | ---- | C] () -- C:\Users\Alain\Desktop\IMG_0011.JPG [2011.08.30 17:14:10 | 001,438,552 | ---- | C] () -- C:\Users\Alain\Desktop\IMG_0015.JPG [2011.08.30 16:26:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.08.22 15:09:46 | 000,753,005 | ---- | C] () -- C:\Users\Alain\Desktop\ramp.jpg [2011.08.19 10:38:17 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.06.27 16:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.27 22:49:20 | 000,046,742 | ---- | C] () -- C:\Users\Alain\AppData\Roaming\room.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.07 10:21:27 | 000,000,279 | ---- | C] () -- C:\Windows\game.ini [2010.09.05 17:21:15 | 000,093,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.04.05 14:42:45 | 000,090,112 | ---- | C] () -- C:\Windows\RSetupCE.exe [2010.04.01 22:37:09 | 000,000,023 | ---- | C] () -- C:\Windows\SysWow64\sysmwwod.dll [2010.03.09 23:09:27 | 000,017,408 | ---- | C] () -- C:\Users\Alain\AppData\Local\WebpageIcons.db [2010.03.01 21:35:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.26 16:39:49 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.12.22 16:04:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.12.16 14:22:51 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2009.12.16 14:22:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.12.16 14:22:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.12.08 13:04:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.05 22:32:23 | 000,024,593 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.12.05 16:58:15 | 000,162,474 | ---- | C] () -- C:\Windows\War3Unin.dat [2009.12.04 12:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS < End of report > |
17.09.2011, 18:23 | #4 |
| Trojaner in $recycle.bin Extra-Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.09.2011 19:09:13 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Alain\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5.99 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 66.88% Memory free 11.98 Gb Paging File | 9.41 Gb Available in Paging File | 78.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.14 Gb Total Space | 25.72 Gb Free Space | 21.58% Space Free | Partition Type: NTFS Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 22.42 Gb Free Space | 2.41% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Alain | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64 "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C315AA1-CD49-F046-0166-90D2DAE156DB}" = ATI AVIVO64 Codecs "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08 "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BF7810F5-8413-09CF-FC2B-594AAEFF0CBE}" = ATI Problem Report Wizard "{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = Catalyst Control Center "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{246C9716-CB18-492E-8679-5A88B9F73C68}_is1" = Fast MP3 Cutter Joiner v2.7 build 1296 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26 "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{46376BAF-996E-410E-82B2-5D9E61820E6D}" = Moorhuhn Kart 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D975B47A-B542-453E-29E8-0707A1B9CC21}" = HydraVision "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{e708247f-0f08-4ba3-9ece-a6f97c8096bb}" = Nero 9 Trial "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common "{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = NO ONE LIVES FOREVER - GAME OF THE YEAR EDITION "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acky's XP Breakout Pocket PC" = Acky's XP Breakout Pocket PC "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlackShot" = BlackShot Á¦°Å "DotAzilla" = DotAzilla "ENTERPRISE" = Microsoft Office Enterprise 2007 "F.E.A.R. 3_is1" = F.E.A.R. 3 "FLV Player" = FLV Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Audio Dub_is1" = Free Audio Dub version 1.5 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "G-Alarm_is1" = G-Alarm 2.1.2 "Gamers.IRC" = Gamers.IRC 5.30 "GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "HijackThis" = HijackThis 2.0.2 "Host OpenAL (ADI)" = Host OpenAL (ADI) "ICCup Launcher_is1" = ICCup Launcher "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14) "MP3 WAV WMA Converter" = MP3 WAV WMA Converter "OpenAL" = OpenAL "Postal 2_is1" = Portal 2 "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.118 "Resco Diamonds" = Resco Diamonds "Resco Sokoban" = Resco Sokoban "Resco Sudoku Touch" = Resco Sudoku Touch "Soldat_is1" = Soldat 1.5.0 "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "SUPER ©" = SUPER © Version 2010.bld.39 (Oct 24, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "TreeSize Professional_is1" = TreeSize Professional V5.4.4 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Worms Armageddon" = Worms Armageddon "Worms Reloaded Update 1_is1" = Worms Reloaded Update 1 "Worms Reloaded Update 2_is1" = Worms Reloaded Update 2 "Worms Reloaded_is1" = Worms Reloaded "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Facebook Plug-In" = Facebook Plug-In "GameRanger" = GameRanger "TeamSpeak 3 Client" = TeamSpeak 3 Client "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.09.2011 13:03:21 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:03:21.412]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:05:31 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:05:31.413]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:05:39 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:05:39.527]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:07:48 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:07:48.412]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:07:55 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.09.2011 13:07:56 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:07:56.454]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:09:12 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:09:12.715]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:09:14 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:09:14.215]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:09:17 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:09:17.427]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 Error - 17.09.2011 13:11:08 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/17 19:11:08.412]: [00003588]: lperrcode->api = 3 , lperrcode->code = 2 [ System Events ] Error - 02.10.2010 06:20:07 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2158563) Error - 02.10.2010 06:20:07 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2362765) Error - 02.10.2010 06:24:58 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 03.10.2010 05:15:38 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 15.10.2010 15:40:34 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 16.10.2010 05:32:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 17.10.2010 04:38:53 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 19.10.2010 13:01:30 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 23.10.2010 11:08:48 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 24.10.2010 05:58:11 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > |
17.09.2011, 18:27 | #5 | |
| Trojaner in $recycle.bin Und zum schluss noch das log vom CCcleaner Zitat:
|
18.09.2011, 06:03 | #6 | |
/// Helfer-Team | Trojaner in $recycle.bin 1. Mache bitte ein Rechtsklick auf den AntiVir-Schirm in der Taskleiste → AntiVir starten → Übersicht → Ereignisse jeden Fund markieren → Rechtsklick auf Funde → Ereignis(se) exportieren und als Ereignisse.txt auf dem Desktop speichern und den Inhalt hier posten. 2. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 26 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 3. ALTE VERSION!!!: Code:
ATTFilter Logfile of HijackThis 2.0.2 also lösche/deinstalliere HijackThis "2.0.2." und lade Dir erneut von hier TrendMicro™ HijackThis™/Version 2.0.4 herunter 4. wird benötigt?: Zitat:
Fixen mit OTL
Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0c0cdad5-0cd0-11df-a625-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{0c0cdad5-0cd0-11df-a625-002618926e02}\Shell\AutoRun\command - "" = 0 O33 - MountPoints2\{4a96950d-e251-11de-ac51-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{4a96950d-e251-11de-ac51-002618926e02}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{7380f583-2744-11de-b7c3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7380f583-2744-11de-b7c3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\{8c7833f4-e1cb-11de-acf9-002618926e02}\Shell - "" = AutoRun O33 - MountPoints2\{8c7833f4-e1cb-11de-acf9-002618926e02}\Shell\AutoRun\command - "" = F:\Autorun.exe [2011.09.10 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" =- "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" =- :Commands [purity] [emptytemp]
6. erneut einen Scan mit OTL:
7.
8. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< ► Bemerkung: Ich würde dem Programm nicht vertrauen, da meistens die angeblichen Funde nicht nachvollziehbar sind bzw oft Fehldiagnose ausgibt ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ --> Trojaner in $recycle.bin |
18.09.2011, 12:02 | #7 | |
| Trojaner in $recycle.bin antivir-ergebnisse: Zitat:
|
18.09.2011, 12:19 | #8 |
| Trojaner in $recycle.bin Java und HijackThis aktualisiert ob ich das Facebookplugin benötige weiss ich nicht, Ich benütze Facebook mit Firefox aber ob es da ein plugin braucht bin ich überfragt OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.09.2011 13:13:56 - Run 2 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Alain\Desktop\OTL 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5.99 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 70.59% Memory free 11.98 Gb Paging File | 9.93 Gb Available in Paging File | 82.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.14 Gb Total Space | 25.10 Gb Free Space | 21.07% Space Free | Partition Type: NTFS Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 65.22 Gb Free Space | 7.00% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Alain | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.17 19:08:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Alain\Desktop\OTL\OTL.exe PRC - [2011.09.08 09:47:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.31 12:56:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe PRC - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe PRC - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe PRC - [2009.10.08 15:41:14 | 000,232,960 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.07.22 01:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe PRC - [2009.05.18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2009.03.30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe PRC - [2008.12.12 16:29:42 | 001,687,552 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe PRC - [2007.02.14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe PRC - [2004.06.14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe ========== Modules (No Company Name) ========== MOD - [2011.09.08 09:47:23 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe MOD - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe MOD - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.12.12 16:29:42 | 001,687,552 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe MOD - [2008.12.12 16:29:00 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorGerRes.dll MOD - [2008.12.12 16:28:14 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll MOD - [2008.12.12 16:27:56 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHOOK.dll MOD - [2008.12.12 16:27:56 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll MOD - [2008.12.12 16:27:50 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll MOD - [2008.12.12 16:27:44 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.25 08:47:08 | 003,152,200 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.05 11:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.31 12:56:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.29 01:47:10 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll -- (Akamai) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.06.22 22:37:00 | 003,440,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.12.05 14:55:43 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2004.06.14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.31 12:56:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.31 12:56:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.05 17:28:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.30 13:45:52 | 000,020,352 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa) DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.09.11 13:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.09.11 13:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.09.11 13:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.09.11 13:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.27 02:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132) DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2007.02.03 11:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.02.03 11:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) DRV:64bit: - [2005.11.07 15:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.12.12 16:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008.12.12 16:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) DRV - [2005.01.03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 CE 10 D3 AD 70 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.ch" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.5 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.6 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alain\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 09:47:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.02 22:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.14 19:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.10.16 17:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Extensions [2010.10.16 17:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.09 10:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions [2010.02.04 23:57:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011.07.29 16:42:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.07.29 16:42:10 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\info@youtube-mp3.org [2011.08.29 17:36:45 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\t8558adv.default\extensions\netvideohunter@netvideohunter.com [2011.09.18 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.07.24 13:54:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.18 13:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.01 00:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.09.18 13:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} () (No name found) -- C:\USERS\ALAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T8558ADV.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\ALAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T8558ADV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.09.08 09:47:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.18 13:04:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.19 10:38:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.19 10:38:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.19 10:38:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.19 10:38:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.19 10:38:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.19 10:38:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.16 12:17:34 | 000,000,887 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 q4master.idsoftware.com O1 - Hosts: 127.0.0.1 idnet.ua-corp.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61DD43CE-708E-4CF7-9530-05D419311561}: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74020BD5-2502-4AAB-A78F-2B4124B2B943}: DhcpNameServer = 192.168.201.14 192.168.201.17 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.18 13:11:55 | 000,000,000 | ---D | C] -- C:\Users\Alain\Desktop\OTL [2011.09.18 13:07:48 | 000,000,000 | ---D | C] -- C:\_OTL [2011.09.18 13:06:40 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.09.18 13:05:34 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.09.18 13:05:34 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.09.18 13:05:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.09.18 13:05:34 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.09.18 13:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.09.18 13:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.09.18 13:04:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.09.18 13:04:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.09.18 13:04:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.09.18 13:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.09.17 22:05:06 | 000,000,000 | ---D | C] -- C:\Users\Alain\.system32 [2011.09.17 21:43:02 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotAlicious Gaming Client [2011.09.17 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DotAlicious Gaming Client [2011.09.17 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2011.09.16 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Roaming\Malwarebytes [2011.09.16 18:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.16 18:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.16 18:47:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.16 18:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.16 16:24:56 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.09.16 16:24:56 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.09.16 15:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.09.16 15:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.09.16 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2011.09.12 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2011.09.12 16:46:39 | 000,626,688 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2011.09.12 16:46:39 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.09.12 16:46:38 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.09.12 16:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2011.09.12 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2011.09.10 19:11:18 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps [2011.09.02 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.09.02 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.08.30 16:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.08.30 16:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.08.30 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.08.30 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.08.28 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Alain\Desktop\gproxy [2011.08.24 20:18:30 | 013,601,280 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [1 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.18 13:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.18 13:10:25 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2011.09.18 13:10:22 | 000,131,428 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.09.18 13:06:40 | 000,002,975 | ---- | M] () -- C:\Users\Alain\Desktop\HiJackThis.lnk [2011.09.18 13:05:24 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.09.18 13:05:24 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.09.18 13:05:24 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.09.18 13:05:24 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.09.18 13:04:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.09.18 13:04:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.09.18 13:04:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.09.18 13:04:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.09.18 12:56:17 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.18 12:53:45 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 12:53:45 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.18 12:51:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.18 12:51:00 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.18 12:51:00 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.18 12:51:00 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.18 12:51:00 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.17 20:51:05 | 000,476,924 | ---- | M] () -- C:\Users\Alain\Desktop\123.jpg [2011.09.17 20:28:00 | 004,167,646 | ---- | M] () -- C:\Users\Alain\Desktop\New1.mp3 [2011.09.16 19:03:17 | 000,331,874 | ---- | M] () -- C:\Users\Alain\Documents\pinfect.zip [2011.09.16 18:47:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.16 16:24:55 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx [2011.09.12 16:49:55 | 000,001,030 | ---- | M] () -- C:\Users\Alain\Desktop\MWAVSCAN.lnk [2011.09.12 16:46:38 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.09.12 16:46:37 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.09.07 19:36:58 | 000,072,654 | ---- | M] () -- C:\Users\Alain\Desktop\Grigorius.jpg [2011.09.06 22:39:30 | 000,017,408 | ---- | M] () -- C:\Users\Alain\AppData\Local\WebpageIcons.db [2011.09.02 22:13:18 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.02 22:12:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.09.02 19:39:40 | 000,073,570 | ---- | M] () -- C:\Users\Alain\Desktop\150838_463238334194_666414194_5602343_6846610_n.jpg [2011.09.02 16:09:05 | 000,000,539 | ---- | M] () -- C:\Users\Alain\Desktop\gproxy.exe.lnk [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.30 17:14:53 | 002,144,486 | ---- | M] () -- C:\Users\Alain\Desktop\IMG_0011.JPG [2011.08.30 16:26:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.30 16:24:36 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2011.08.30 14:26:38 | 001,438,552 | ---- | M] () -- C:\Users\Alain\Desktop\IMG_0015.JPG [2011.08.24 20:19:10 | 000,056,320 | ---- | M] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.08.24 20:18:30 | 013,601,280 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll [2011.08.22 15:09:46 | 000,753,005 | ---- | M] () -- C:\Users\Alain\Desktop\ramp.jpg [1 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.18 13:06:40 | 000,002,975 | ---- | C] () -- C:\Users\Alain\Desktop\HiJackThis.lnk [2011.09.17 21:34:19 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2011.09.17 20:51:05 | 000,476,924 | ---- | C] () -- C:\Users\Alain\Desktop\123.jpg [2011.09.17 20:27:51 | 004,167,646 | ---- | C] () -- C:\Users\Alain\Desktop\New1.mp3 [2011.09.16 18:47:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.12 18:19:13 | 000,331,874 | ---- | C] () -- C:\Users\Alain\Documents\pinfect.zip [2011.09.12 16:49:55 | 000,001,030 | ---- | C] () -- C:\Users\Alain\Desktop\MWAVSCAN.lnk [2011.09.12 16:46:54 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx [2011.09.02 22:13:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.09.02 22:13:18 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.09.02 19:39:39 | 000,073,570 | ---- | C] () -- C:\Users\Alain\Desktop\150838_463238334194_666414194_5602343_6846610_n.jpg [2011.09.02 16:09:05 | 000,000,539 | ---- | C] () -- C:\Users\Alain\Desktop\gproxy.exe.lnk [2011.08.30 17:14:42 | 002,144,486 | ---- | C] () -- C:\Users\Alain\Desktop\IMG_0011.JPG [2011.08.30 17:14:10 | 001,438,552 | ---- | C] () -- C:\Users\Alain\Desktop\IMG_0015.JPG [2011.08.30 16:26:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.08.22 15:09:46 | 000,753,005 | ---- | C] () -- C:\Users\Alain\Desktop\ramp.jpg [2011.06.27 16:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.27 22:49:20 | 000,046,742 | ---- | C] () -- C:\Users\Alain\AppData\Roaming\room.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.07 10:21:27 | 000,000,279 | ---- | C] () -- C:\Windows\game.ini [2010.09.05 17:21:15 | 000,093,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.04.05 14:42:45 | 000,090,112 | ---- | C] () -- C:\Windows\RSetupCE.exe [2010.04.01 22:37:09 | 000,000,023 | ---- | C] () -- C:\Windows\SysWow64\sysmwwod.dll [2010.03.09 23:09:27 | 000,017,408 | ---- | C] () -- C:\Users\Alain\AppData\Local\WebpageIcons.db [2010.03.01 21:35:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.26 16:39:49 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.12.22 16:04:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.12.16 14:22:51 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2009.12.16 14:22:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.12.16 14:22:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.12.08 13:04:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.05 22:32:23 | 000,024,593 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.12.05 16:58:15 | 000,162,474 | ---- | C] () -- C:\Windows\War3Unin.dat [2009.12.04 12:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.04.27 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\BlackBean [2011.07.30 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Day 1 Studios [2010.06.12 17:58:21 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Facebook [2010.04.01 22:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\FreeAudioPack [2010.01.30 23:41:05 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\GameRanger [2011.02.27 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\gtk-2.0 [2011.08.05 18:58:09 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ICQ [2010.12.26 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\JAM Software [2009.12.06 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Leadertech [2009.12.06 02:22:10 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Razer [2010.04.01 21:49:56 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ROUTE 66 Sync [2010.02.28 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Soldat [2010.01.30 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\TeamViewer [2010.10.16 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Thunderbird [2011.07.29 03:21:55 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\TS3Client [2011.08.21 09:52:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.09.2011 13:13:59 - Run 2 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Alain\Desktop\OTL 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5.99 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 70.59% Memory free 11.98 Gb Paging File | 9.93 Gb Available in Paging File | 82.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.14 Gb Total Space | 25.10 Gb Free Space | 21.07% Space Free | Partition Type: NTFS Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 65.22 Gb Free Space | 7.00% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Alain | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit) "{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64 "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C315AA1-CD49-F046-0166-90D2DAE156DB}" = ATI AVIVO64 Codecs "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08 "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BF7810F5-8413-09CF-FC2B-594AAEFF0CBE}" = ATI Problem Report Wizard "{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = Catalyst Control Center "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{246C9716-CB18-492E-8679-5A88B9F73C68}_is1" = Fast MP3 Cutter Joiner v2.7 build 1296 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46376BAF-996E-410E-82B2-5D9E61820E6D}" = Moorhuhn Kart 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D975B47A-B542-453E-29E8-0707A1B9CC21}" = HydraVision "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{e708247f-0f08-4ba3-9ece-a6f97c8096bb}" = Nero 9 Trial "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common "{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = NO ONE LIVES FOREVER - GAME OF THE YEAR EDITION "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acky's XP Breakout Pocket PC" = Acky's XP Breakout Pocket PC "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlackShot" = BlackShot Á¦°Å "DotAlicious Gaming Client" = DotAlicious Gaming Client "DotAzilla" = DotAzilla "ENTERPRISE" = Microsoft Office Enterprise 2007 "F.E.A.R. 3_is1" = F.E.A.R. 3 "FLV Player" = FLV Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Audio Dub_is1" = Free Audio Dub version 1.5 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "G-Alarm_is1" = G-Alarm 2.1.2 "Gamers.IRC" = Gamers.IRC 5.30 "GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™ "Host OpenAL (ADI)" = Host OpenAL (ADI) "ICCup Launcher_is1" = ICCup Launcher "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14) "MP3 WAV WMA Converter" = MP3 WAV WMA Converter "OpenAL" = OpenAL "Postal 2_is1" = Portal 2 "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.118 "Resco Diamonds" = Resco Diamonds "Resco Sokoban" = Resco Sokoban "Resco Sudoku Touch" = Resco Sudoku Touch "Soldat_is1" = Soldat 1.5.0 "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "SUPER ©" = SUPER © Version 2010.bld.39 (Oct 24, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "TreeSize Professional_is1" = TreeSize Professional V5.4.4 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Worms Armageddon" = Worms Armageddon "Worms Reloaded Update 1_is1" = Worms Reloaded Update 1 "Worms Reloaded Update 2_is1" = Worms Reloaded Update 2 "Worms Reloaded_is1" = Worms Reloaded "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Facebook Plug-In" = Facebook Plug-In "GameRanger" = GameRanger "TeamSpeak 3 Client" = TeamSpeak 3 Client "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.09.2011 07:13:43 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:13:43.490]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:00 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:00.525]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:10 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:10.540]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:20 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:20.540]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:30 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:30.539]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:40 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:40.539]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:14:56 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:14:56.498]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:15:06 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:15:06.497]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:15:16 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:15:16.497]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 Error - 18.09.2011 07:15:32 | Computer Name = Admin-PC | Source = Brother BrLog | ID = 1001 Description = WDLMW BrtWDLMW: [2011/09/18 13:15:32.413]: [00004052]: lperrcode->api = 3 , lperrcode->code = 2 [ System Events ] Error - 02.10.2010 06:20:07 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2158563) Error - 02.10.2010 06:20:07 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2362765) Error - 02.10.2010 06:24:58 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 03.10.2010 05:15:38 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 15.10.2010 15:40:34 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 16.10.2010 05:32:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 17.10.2010 04:38:53 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 19.10.2010 13:01:30 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 23.10.2010 11:08:48 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 24.10.2010 05:58:11 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > |
18.09.2011, 13:08 | #9 |
| Trojaner in $recycle.bin nächster scan: HTML-Code: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/18/2011 at 01:50 PM Application Version : 5.0.1118 Core Rules Database Version : 7705 Trace Rules Database Version: 5517 Scan type : Complete Scan Total Scan Time : 00:26:25 Operating System Information Windows 7 Professional 64-bit (Build 6.01.7600) UAC Off - Administrator Memory items scanned : 839 Memory threats detected : 0 Registry items scanned : 72317 Registry threats detected : 0 File items scanned : 57719 File threats detected : 35 Adware.Tracking Cookie C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\V9K8MNL6.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\K3YI0DB5.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\SWKCHR76.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\R1JIJ8S1.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\GV96KE9S.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\T82X0BC4.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\JY94GB17.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\X5J0RBU3.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\M78Y9AWZ.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\YE3LVIH3.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\1Q7MLOFQ.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\4OTDQCIS.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\BVSWT10G.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\N885C549.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\A5L8CC2L.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\EQ5VWRWK.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\JZ1CZ753.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\X4JLVFP1.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\H5STGNK0.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\5PN7XIBY.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\L0MTUSR7.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\VVB2992Y.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\4C4UK2J9.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\7STUC5ZE.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\OI33FKNB.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\WHEUE4Q3.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\DR21004L.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\U1YFFGY6.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\GABLMXBM.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\FZAE4PUG.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\R2A3IHTR.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\NBAJK3BY.txt C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Cookies\Y9WRX245.txt media.energy.ch [ C:\USERS\ALAIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2J4CAPUU ] media.rofl.to [ C:\USERS\ALAIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2J4CAPUU ] |
19.09.2011, 16:48 | #10 | |
/// Helfer-Team | Trojaner in $recycle.binZitat:
Posting #6 / Punkt 8. fehlt noch!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
25.09.2011, 19:33 | #11 |
| Trojaner in $recycle.bin Eset scan durchgeführt, logfile hat er keines gespeichert, funde: 1 Der hat mir bei einem setup eines converterprogrammes adware angegeben, wobei ich glaube dass dies eine fehlermeldung ist, anyway die setup habe ich eh nicht mehr gebraucht und die ist jetzt gelöscht. Ansonsten funktioniert mein Computer ganz normal bezüglich der letzten frage |
27.09.2011, 05:09 | #12 |
/// Helfer-Team | Trojaner in $recycle.bin 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner 2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Wenn alles gut verlaufen und dein System läuft stabil,mache folgendes: Systemsteuerung/System und Sicherheit/System/Computerschutz/Systemeigenschaften poppt auf und dann einen Sicherungspunkt erstellen Systemwiederherstellung deaktivieren: Windows 7 - einen manuellen Systemwiederherstellungspunkt erstellen also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder aktiviert sein! 4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) ➎ ► für Windows 7 das Service Pack 1 bitte aufspielen!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! ► Internet Explorer ebenfalls (Version 9 ist aktuell) Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
Themen zu Trojaner in $recycle.bin |
$recycle.bin, .exe, escan, heute, infiziert, jahre, klicke, links, maßnahme, nicht sichtbar, ordner, probleme, recycle.bin, scan, schlau, sichtbar, spyware, surfe, surfen, troja, trojaner, trojanern, usern, versteckte, versteckte ordner, virus, vorgehen, web |