Log analysis and evaluation: RECYCLER virus! Computer & USB sticks infected PLEASE PLEASE HELP ME! Windows 7
19.11.2011, 12:19 | #1 |
Please help me, my notebook is infected with the Recycler virus and Malwarebytes detects nothing! How can I delete the virus without deleting the data on the stick? The computer doesn't matter, there is no important data on it. I have already reinstalled my notebook (Recovery - ASUS Eee PC) several times, it doesn't help .... it keeps coming back......... Please help a dear, sweet, desperate girl....

OTL log file & Extras.txt created:

OTL logfile created on: 11/19/2011 11:52:22 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Saskia\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.18 Mb Total Physical Memory | 590.82 Mb Available Physical Memory | 58.26% Memory free 1.99 Gb Paging File | 1.59 Gb Available in Paging File | 80.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 83.55 Gb Free Space | 83.55% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 117.77 Gb Free Space | 99.92% Space Free | Partition Type: NTFS Computer Name: SASKIA-PC | User Name: Saskia | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/18 17:08:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe PRC - [2011/11/18 16:51:40 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe ========== Modules (No Company Name) ========== MOD - [2011/11/18 19:31:05 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/11/18 17:50:02 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\401d4cd2a06122a32cf094d541dcdd63\Microsoft.VisualBasic.ni.dll MOD - [2011/11/18 16:51:45 | 000,776,704 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2011/11/18 16:51:45 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2011/11/18 16:51:45 | 000,275,968 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2011/11/18 16:51:45 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2011/11/18 16:51:45 | 000,106,496 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreelements.dll MOD - [2011/11/18 16:51:45 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2011/11/18 16:51:45 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2011/11/18 16:51:45 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2011/11/18 16:51:45 | 000,076,800 | ---- | M] () -- 
C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2011/11/18 16:51:45 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2011/11/18 16:51:45 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2011/11/18 16:51:45 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2011/11/18 16:51:45 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2011/11/18 14:44:30 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll MOD - [2011/11/18 14:44:25 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll MOD - [2011/11/18 14:44:22 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll MOD - [2010/12/25 11:02:48 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll MOD - [2010/12/25 11:02:18 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll MOD - [2010/12/25 11:01:18 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll MOD - [2010/12/25 11:01:03 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll MOD - [2010/12/25 11:00:59 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll MOD - [2010/12/25 11:00:34 | 
011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll MOD - [2010/12/25 09:19:59 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.21078__0d0f4b69e50e559b\SqliteShared.dll MOD - [2010/12/25 09:19:56 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/09/01 05:51:14 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\AsusWSShellExt.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Win32 Services (SafeList) ========== SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/07/12 12:40:00 | 000,146,880 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV - [2009/08/19 03:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/08/24 11:55:51 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/07/23 17:57:00 | 000,058,448 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2010/07/23 17:56:00 | 000,169,552 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2010/07/23 17:56:00 | 000,053,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2010/07/02 03:14:00 | 001,015,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009/11/23 12:42:56 | 000,083,344 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009/10/05 19:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009/07/01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/12/25 09:15:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/25 09:16:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/25 09:16:06 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe (eCareme) O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Trend Micro Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.104.112.9 78.104.112.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0768D34E-B842-4FC1-A2A6-B1EDBE12CF49}: DhcpNameServer = 137.208.3.3 137.208.8.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12CB40E7-E9AC-4B56-8AC7-2137BBB4FBF3}: DhcpNameServer = 78.104.112.9 78.104.112.4 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/11/19 11:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2011/11/19 11:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine [2011/11/19 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2011/11/19 11:48:33 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Saskia\Desktop\USBVaccineSetup.exe [2011/11/19 00:39:05 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution [2011/11/19 00:36:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011/11/19 00:35:23 | 000,000,000 | -HSD | C] -- C:\Boot [2011/11/18 21:19:38 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\E-Cam [2011/11/18 19:31:06 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2011/11/18 17:34:02 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Desktop\CMMD I [2011/11/18 17:10:24 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Malwarebytes [2011/11/18 17:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/18 17:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/18 17:09:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/11/18 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/11/18 17:08:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe [2011/11/18 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Opera 
[2011/11/18 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Opera [2011/11/18 16:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011/11/18 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\PasswordSafe [2011/11/18 15:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Safe and Repository 6 [2011/11/18 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Password Safe and Repository 6 [2011/11/18 15:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2011/11/18 14:58:09 | 000,000,000 | ---D | C] -- C:\temp [2011/11/18 14:58:01 | 000,083,344 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmtdi.sys [2011/11/18 14:57:56 | 000,169,552 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys [2011/11/18 14:57:56 | 000,058,448 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmactmon.sys [2011/11/18 14:57:56 | 000,053,840 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmevtmgr.sys [2011/11/18 14:50:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/11/18 14:49:50 | 000,000,000 | ---D | C] -- C:\windows\ConfigSetRoot [2011/11/18 14:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Cam [2011/11/18 14:48:54 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\E-Cam [2011/11/18 14:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\E-Cam [2011/11/18 14:47:19 | 000,000,000 | ---D | C] -- C:\windows\System32\Atheros_L1e [2011/11/18 14:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011/11/18 14:45:49 | 000,000,000 | ---D | C] -- C:\windows\System32\SRSLabs [2011/11/18 14:45:47 | 000,000,000 | ---D | C] -- C:\windows\System32\RTCOM [2011/11/18 14:45:17 | 001,775,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll [2011/11/18 14:45:17 | 001,083,936 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\windows\System32\RTSndMgr.cpl [2011/11/18 14:45:16 | 003,583,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll [2011/11/18 14:45:16 | 000,367,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll [2011/11/18 14:45:16 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll [2011/11/18 14:45:16 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll [2011/11/18 14:45:16 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll [2011/11/18 14:45:16 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll [2011/11/18 14:45:16 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll [2011/11/18 14:45:16 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll [2011/11/18 14:45:16 | 000,058,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll [2011/11/18 14:45:14 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll [2011/11/18 14:45:14 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\AERTACap.dll [2011/11/18 14:45:14 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\System32\AERTARen.dll [2011/11/18 14:45:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2011/11/18 14:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011/11/18 14:45:12 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\windows\RtlExUpd.dll [2011/11/18 14:43:55 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VirtualStore [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Temporary Internet Files [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Templates [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Start Menu [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\SendTo [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Recent [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\PrintHood [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\NetHood [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\My Videos [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\My Pictures [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\My Music [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\My Documents [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Local Settings [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\History [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Cookies [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Application Data [2011/11/18 14:43:52 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Application Data [2011/11/18 14:43:50 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/11/18 14:43:50 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/11/18 14:43:50 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/11/18 14:43:50 | 000,000,000 | -H-D | C] -- C:\Users\Saskia\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/11/18 14:43:50 | 
000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Windows Live [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Temp [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Macromedia [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\InstallShield [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Identities [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\ASUS WebStorage [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Adobe [2011/11/18 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Adobe [2011/11/18 14:43:49 | 000,000,000 | --SD | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Videos [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Searches [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Saved Games [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Pictures [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Music [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Links [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Favorites [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Downloads [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Documents [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Desktop [2011/11/18 14:43:49 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Contacts [2011/11/18 14:43:49 | 
000,000,000 | -H-D | C] -- C:\Users\Saskia\AppData [2011/11/18 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Mozilla [2011/11/18 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\EBI [2011/11/18 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Bluetooth Exchange Folder [2011/11/18 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Asus WebStorage [2011/11/18 14:43:26 | 000,000,000 | -HSD | C] -- C:\Recovery [2010/07/29 09:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011/11/19 11:55:57 | 101,206,032 | ---- | M] () -- C:\Users\Saskia\Desktop\setup_kaspersky_removal_11.0.0.1245.x01_2011_08_05_09_12.exe [2011/11/19 11:49:13 | 000,615,122 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/11/19 11:49:13 | 000,103,496 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/11/19 11:48:43 | 000,848,856 | ---- | M] (Panda Security ) -- C:\Users\Saskia\Desktop\USBVaccineSetup.exe [2011/11/19 11:44:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/11/19 11:44:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2011/11/19 10:03:01 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/19 10:03:01 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/19 00:42:49 | 000,035,789 | ---- | M] () -- C:\windows\System32\license.rtf [2011/11/18 20:16:55 | 000,014,512 | ---- | M] () -- C:\Users\Saskia\Desktop\316919_10150274521477406_520882405_7914981_6680577_n.jpg [2011/11/18 19:31:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2011/11/18 17:10:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/18 17:08:40 | 000,584,192 | ---- | M] 
(OldTimer Tools) -- C:\Users\Saskia\Desktop\OTL.exe [2011/11/18 16:51:46 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011/11/18 15:15:04 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Password Safe 6.lnk [2011/11/18 14:50:01 | 000,001,411 | ---- | M] () -- C:\Users\Saskia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/11/18 14:48:43 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk [2011/11/18 14:48:43 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\E-Manual.lnk ========== Files Created - No Company Name ========== [2011/11/19 09:57:07 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2011/11/19 00:36:04 | 797,581,312 | -HS- | C] () -- C:\hiberfil.sys [2011/11/19 00:35:24 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2011/11/18 20:16:54 | 000,014,512 | ---- | C] () -- C:\Users\Saskia\Desktop\316919_10150274521477406_520882405_7914981_6680577_n.jpg [2011/11/18 17:10:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/18 16:51:46 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011/11/18 16:51:46 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011/11/18 15:15:04 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Password Safe 6.lnk [2011/11/18 14:50:10 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011/11/18 14:50:01 | 000,001,411 | ---- | C] () -- C:\Users\Saskia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/11/18 14:48:43 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2011/11/18 14:48:43 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\E-Manual.lnk [2011/11/18 14:45:20 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011/11/18 14:45:20 | 000,000,008 | ---- | C] () -- 
C:\windows\System32\drivers\rtkhdaud.dat [2011/11/18 14:43:50 | 000,001,871 | ---- | C] () -- C:\Users\Saskia\Desktop\MySyncFolder.lnk [2011/11/18 14:43:50 | 000,001,417 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/11/18 14:43:50 | 000,000,290 | ---- | C] () -- C:\Users\Saskia\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/11/18 14:43:50 | 000,000,272 | ---- | C] () -- C:\Users\Saskia\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2010/12/25 09:09:37 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2010/12/25 09:09:36 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2010/12/25 09:08:07 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/12/25 09:06:23 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2010/12/25 09:05:40 | 000,000,702 | ---- | C] () -- C:\windows\Reboot.ini [2010/12/25 09:01:08 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe [2010/12/25 09:00:37 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,257,736 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,615,122 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,103,496 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- 
C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2009/02/26 08:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config < End of report > OTL Extras logfile created on: 11/19/2011 11:52:22 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Saskia\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.18 Mb Total Physical Memory | 590.82 Mb Available Physical Memory | 58.26% Memory free 1.99 Gb Paging File | 1.59 Gb Available in Paging File | 80.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 83.55 Gb Free Space | 83.55% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 117.77 Gb Free Space | 99.92% Space Free | Partition Type: NTFS Computer Name: SASKIA-PC | User Name: Saskia | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0A455897-C606-4958-AD34-6DF0430D184B}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{10668AA3-490D-46C1-B606-A621451998EF}" = Password Safe and Repository 6 "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows 
Live Mesh ActiveX za daljinske veze "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{269FAF4C-8237-49A4-8440-6560FF15B4B0}" = Windows Live UX Platform Language Pack "{2719ED2A-F6F5-4CA4-B248-A48FFE75DB84}" = Windows Live UX Platform Language Pack "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources 
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = 
Windows Live Writer Resources "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A3163358-58E0-4203-9517-E9CAADAB94C2}" = Windows Live Family Safety "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI 
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFEBFEAC-7D1C-40A0-9285-09631C27310E}" = Windows Live Family Safety "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources "{B73CC376-C28E-4FC9-8C0B-493695640E7E}" = Windows Live Family Safety "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E7F55ECB-CC70-4008-ADC9-29AA1512808A}" = Windows Live Family Safety "{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources 
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS VIBE" = ASUS VIBE "ASUS WebStorage" = ASUS WebStorage "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "Eee Docking_is1" = Eee Docking 3.8.1 "Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Opera 11.52.1100" = Opera 11.52 "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/18/2011 8:46:49 AM | Computer Name = Saskia-PC | Source = VSS | ID = 8194 Description = Error - 11/18/2011 8:49:55 AM | Computer Name = Saskia-PC | Source = ESENT | ID = 215 
Description = WinMail (4004) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 11/18/2011 11:22:37 AM | Computer Name = Saskia-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 304 Start Time: 01cca604e3df6afa Termination Time: 0 Application Path: C:\Users\Saskia\Desktop\OTL.exe Report Id: [ System Events ] Error - 11/19/2011 5:11:40 AM | Computer Name = Saskia-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 11/19/2011 5:11:40 AM | Computer Name = Saskia-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 11/19/2011 5:11:40 AM | Computer Name = Saskia-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 11/19/2011 5:11:40 AM | Computer Name = Saskia-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 11/19/2011 5:11:40 AM | Computer Name = Saskia-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 11/19/2011 5:45:03 AM | Computer Name = Saskia-PC | Source = 
Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AsUpIO discache spldr tmtdi Wanarpv6 Error - 11/19/2011 5:45:43 AM | Computer Name = Saskia-PC | Source = DCOM | ID = 10005 Description = Error - 11/19/2011 5:45:49 AM | Computer Name = Saskia-PC | Source = DCOM | ID = 10005 Description = Error - 11/19/2011 5:45:51 AM | Computer Name = Saskia-PC | Source = DCOM | ID = 10005 Description = Error - 11/19/2011 5:45:51 AM | Computer Name = Saskia-PC | Source = DCOM | ID = 10005 Description = < End of report >
Many kind regards, and thank you in advance for your help!
20.11.2011, 13:38 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RECYCLER virus! Computer & USB sticks infected PLEASE PLEASE HELP ME! Quote:
Note the article on reinstalling Windows.