| |
| |||||||
Log-Analyse und Auswertung: Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.12.2011, 22:36
| #1 | |
| |  Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? Einen wunderschönen guten abend Ich hab wohl ein ausgesprochenes talent mir böse sachen einzufangen  Problembeschreibung: Aus irgendeiner mir bis dato nicht ganz klaren quelle (da ich zu dem zeitpunkt im internet nicht mal was gemacht hatte sondern nur nen film geschaut hab) hab ich mir windows Internet security 2012 und Systemfix eingehandelt. Soweit die problematik Vorab noch die Info: ich habe ein 64 bit System und win 7 nachdem mein antivir die beiden dateien nicht entfernen noch erkennen konnte habe ich mir zunächst Spydoc zum prüfen besorgt, dann aber doch die bearbeitung mit kaspersky vollendet und damit zumindest schon mal einen teil entfernt, dann bin ich auf dieses Board gestossen und habe 1. Defogger gestartet (er wollte jedoch nicht neu starten - daher poste ich direkt mal das log mit: ) Zitat:
3. Rkill laufen lassen und 4 otl noch mal gestartet Ich poste nun das AKTUELLERE ergebniss von OTL: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.12.2011 22:09:47 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lyhaire\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,59% Memory free 8,00 Gb Paging File | 6,74 Gb Available in Paging File | 84,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40,90 Gb Total Space | 8,09 Gb Free Space | 19,77% Space Free | Partition Type: NTFS Drive E: | 24,41 Gb Total Space | 22,50 Gb Free Space | 92,18% Space Free | Partition Type: NTFS Drive F: | 424,76 Gb Total Space | 181,43 Gb Free Space | 42,71% Space Free | Partition Type: NTFS Drive G: | 51,91 Gb Total Space | 47,91 Gb Free Space | 92,31% Space Free | Partition Type: NTFS Drive H: | 3,80 Gb Total Space | 3,24 Gb Free Space | 85,39% Space Free | Partition Type: FAT32 Computer Name: BANSIDHE | User Name: Lyhaire | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.06 20:48:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lyhaire\Desktop\OTL.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | -H-- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.18 14:13:54 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.07.28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2005.07.25 14:58:12 | 000,451,584 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device) SRV - [2011.11.18 14:13:54 | 000,028,992 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.18 14:13:46 | 002,118,976 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.28 16:43:58 | 000,361,984 | -H-- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- F:\Programme\System\ATI CCC\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010.11.19 06:57:14 | 001,150,936 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- F:\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010.03.15 14:02:36 | 000,366,840 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- F:\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2010.03.10 14:26:48 | 000,189,728 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.02.19 12:37:14 | 000,517,096 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.05 20:06:21 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.09.24 17:12:07 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.08.12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.07.16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA) DRV:64bit: - [2010.06.29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS) DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.10.13 17:33:58 | 000,011,856 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.06.24 05:31:02 | 000,055,424 | -H-- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- F:\Programme\System\ATI CCC\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Programme\System\java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: F:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.12.05 20:16:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.12.05 20:16:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: F:\Programme\Firefox\components [2011.11.09 07:20:34 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: F:\Programme\components [2011.09.19 16:11:56 | 000,000,000 | -H-D | M] [2011.09.17 08:49:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lyhaire\AppData\Roaming\mozilla\Extensions [2011.12.02 06:59:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lyhaire\AppData\Roaming\mozilla\Firefox\Profiles\cgv4jcoq.default\extensions [2011.09.24 17:10:28 | 000,000,000 | -H-D | M] (Gutscheinrausch.de) -- C:\Users\Lyhaire\AppData\Roaming\mozilla\Firefox\Profiles\cgv4jcoq.default\extensions\vikh0s2l.qyg () (No name found) -- C:\USERS\LYHAIRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CGV4JCOQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.09.18 12:38:05 | 000,002,048 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = F:\Programme\System\java\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = F:\Programme\System\java\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lyhaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = F:\Programme\VLC\npvlc.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Facemoods = C:\Users\Lyhaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\ CHR - Extension: Skype Click to Call = C:\Users\Lyhaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\System\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] F:\Programme\System\ATI CCC\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Lyhaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\Lyhaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = F:\Programme\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FE7FA7-B6B0-4332-A280-61307CF03FF6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.06 20:54:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lyhaire\Desktop\OTL.exe [2011.12.05 20:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012 [2011.12.05 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.12.05 20:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2011.12.05 20:06:21 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.12.05 19:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Lyhaire\AppData\Local\fa28b086 [2011.12.05 08:36:10 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys [2011.12.05 08:36:10 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys [2011.12.05 08:36:09 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2011.12.05 08:36:09 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2011.12.05 08:36:07 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2011.12.05 08:36:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.12.05 08:36:04 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2011.12.05 08:35:48 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Roaming\PC Tools [2011.12.05 08:35:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools [2011.12.05 08:35:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011.12.05 08:35:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.12.05 08:34:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP [2011.12.04 23:27:48 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.11.26 08:16:00 | 000,000,000 | -H-D | C] -- C:\ATI [2011.11.24 20:00:13 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Local\CrashDumps [2011.11.23 19:11:03 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.11.23 19:11:01 | 000,028,992 | -H-- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.11.23 19:08:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.11.23 19:08:37 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.11.23 19:08:37 | 000,021,312 | -H-- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.11.23 19:08:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2011.11.23 19:08:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2011.11.23 19:07:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.11.20 17:20:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Protexis [2011.11.20 17:20:27 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Roaming\Corel [2011.11.20 17:18:26 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Roaming\Ulead Systems [2011.11.20 17:18:26 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\Documents\Corel PaintShop Pro [2011.11.20 17:18:26 | 000,000,000 | -H-D | C] -- C:\Users\Lyhaire\AppData\Local\Corel PaintShop Pro [2011.11.20 17:17:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Protexis [2011.11.20 17:17:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Corel [2011.11.20 17:16:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4 [2011.09.17 08:44:10 | 000,216,064 | -H-- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll ========== Files - Modified Within 30 Days ========== [2011.12.06 21:39:31 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.06 21:39:31 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.06 21:39:31 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.06 21:39:31 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.06 21:39:31 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.06 21:38:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.06 21:38:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.06 21:33:31 | 000,001,108 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.06 21:33:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.06 21:31:22 | 001,008,120 | ---- | M] () -- C:\Users\Lyhaire\Desktop\rkill.com [2011.12.06 21:20:00 | 000,001,112 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.06 20:50:52 | 000,012,750 | -HS- | M] () -- C:\Users\Lyhaire\AppData\Local\q523nl664v4j7j [2011.12.06 20:50:52 | 000,012,750 | -HS- | M] () -- C:\ProgramData\q523nl664v4j7j [2011.12.06 20:48:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lyhaire\Desktop\OTL.exe [2011.12.06 20:47:20 | 000,050,477 | ---- | M] () -- C:\Users\Lyhaire\Desktop\Defogger.exe [2011.12.05 20:07:58 | 000,017,408 | ---- | M] () -- C:\Users\Lyhaire\AppData\Local\WebpageIcons.db [2011.12.05 20:07:17 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2011.12.05 20:07:16 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2011.12.05 20:07:00 | 001,641,380 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.12.05 20:06:21 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.12.05 19:40:47 | 000,000,106 | -H-- | M] () -- C:\Users\Lyhaire\defogger_reenable [2011.12.04 23:35:17 | 000,000,000 | -H-- | M] () -- C:\Users\Lyhaire\AppData\Local\{E59D8373-C669-4D4E-9285-792D7C97464F} [2011.12.04 23:30:36 | 000,000,448 | -H-- | M] () -- C:\ProgramData\KxEg5oCHW5FvAh [2011.12.04 23:27:48 | 000,000,649 | -H-- | M] () -- C:\Users\Lyhaire\Desktop\System Fix.lnk [2011.12.04 23:27:48 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~KxEg5oCHW5FvAh [2011.12.04 23:27:48 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~KxEg5oCHW5FvAhr [2011.12.04 18:12:04 | 000,136,141 | -H-- | M] () -- C:\Users\Lyhaire\Desktop\kekse.jpg [2011.12.02 18:53:34 | 000,015,269 | -H-- | M] () -- C:\Users\Lyhaire\Documents\Finanzenübersicht.ods [2011.12.02 18:53:33 | 000,000,116 | -H-- | M] () -- C:\Users\Lyhaire\Documents\.~lock.Finanzenübersicht.ods# [2011.11.26 11:02:04 | 000,039,942 | -H-- | M] () -- C:\Users\Lyhaire\Desktop\Pemberley 11-8 w (1 of 1).jpg [2011.11.19 00:04:11 | 000,101,480 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2011.11.18 14:13:54 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.11.18 14:13:54 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.11.18 14:13:54 | 000,028,992 | -H-- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.11.18 14:13:54 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.11.18 14:13:54 | 000,021,312 | -H-- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.11.16 11:01:59 | 000,009,518 | -H-- | M] () -- C:\Users\Lyhaire\Documents\Körper.ods [2011.11.16 09:11:14 | 000,012,732 | -H-- | M] () -- C:\Users\Lyhaire\Documents\Schulden.ods [2011.11.09 17:21:09 | 004,851,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.12.06 21:34:23 | 001,008,120 | ---- | C] () -- C:\Users\Lyhaire\Desktop\rkill.com [2011.12.06 20:51:12 | 000,050,477 | ---- | C] () -- C:\Users\Lyhaire\Desktop\Defogger.exe [2011.12.05 20:07:56 | 000,017,408 | ---- | C] () -- C:\Users\Lyhaire\AppData\Local\WebpageIcons.db [2011.12.05 20:07:17 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2011.12.05 20:07:16 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2011.12.05 19:40:47 | 000,000,106 | -H-- | C] () -- C:\Users\Lyhaire\defogger_reenable [2011.12.05 08:36:11 | 001,641,380 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.12.04 23:35:17 | 000,000,000 | -H-- | C] () -- C:\Users\Lyhaire\AppData\Local\{E59D8373-C669-4D4E-9285-792D7C97464F} [2011.12.04 23:27:48 | 000,000,649 | -H-- | C] () -- C:\Users\Lyhaire\Desktop\System Fix.lnk [2011.12.04 23:27:48 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~KxEg5oCHW5FvAh [2011.12.04 23:27:48 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~KxEg5oCHW5FvAhr [2011.12.04 23:27:43 | 000,000,448 | -H-- | C] () -- C:\ProgramData\KxEg5oCHW5FvAh [2011.12.04 23:21:04 | 000,012,750 | -HS- | C] () -- C:\Users\Lyhaire\AppData\Local\q523nl664v4j7j [2011.12.04 23:21:04 | 000,012,750 | -HS- | C] () -- C:\ProgramData\q523nl664v4j7j [2011.12.04 18:12:03 | 000,136,141 | -H-- | C] () -- C:\Users\Lyhaire\Desktop\kekse.jpg [2011.12.01 20:48:23 | 000,000,116 | -H-- | C] () -- C:\Users\Lyhaire\Documents\.~lock.Finanzenübersicht.ods# [2011.11.26 11:02:03 | 000,039,942 | -H-- | C] () -- C:\Users\Lyhaire\Desktop\Pemberley 11-8 w (1 of 1).jpg [2011.11.19 00:04:11 | 000,101,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.10.23 11:15:41 | 000,000,132 | -H-- | C] () -- C:\Users\Lyhaire\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.10.05 10:59:33 | 000,221,184 | -H-- | C] () -- C:\Windows\SysWow64\TidyATL.dll [2011.09.17 11:47:12 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini [2011.09.17 11:47:10 | 000,023,468 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.17 09:31:28 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin [2011.09.17 08:44:11 | 000,175,616 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.09.17 08:44:11 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini [2011.09.17 08:44:10 | 003,164,160 | -H-- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011.09.17 08:44:10 | 000,644,608 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.09.17 08:44:10 | 000,243,200 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.09.17 08:44:09 | 000,073,216 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.03.17 18:51:44 | 000,003,929 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.10.05 11:03:38 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\BlogDesk [2011.10.05 09:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.09.24 17:13:26 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\DAEMON Tools Lite [2011.12.04 23:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\FileZilla [2011.09.21 17:35:57 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\OpenOffice.org [2011.10.08 21:55:40 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.09.19 16:13:43 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\Thunderbird [2011.09.17 20:05:36 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\Trillian [2011.11.23 19:08:29 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\TuneUp Software [2011.11.20 17:18:26 | 000,000,000 | -H-D | M] -- C:\Users\Lyhaire\AppData\Roaming\Ulead Systems [2011.11.23 16:59:34 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.23 09:46:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.26 08:16:00 | 000,000,000 | -H-D | M] -- C:\ATI [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.17 08:24:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.27 16:44:33 | 000,000,000 | -H-D | M] -- C:\Lexmark [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2011.10.19 19:54:52 | 000,000,000 | RH-D | M] -- C:\Program Files [2011.12.05 20:06:33 | 000,000,000 | RH-D | M] -- C:\Program Files (x86) [2011.12.05 20:25:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.17 08:24:06 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.17 08:24:06 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.06 22:01:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.27 16:44:36 | 000,000,000 | -H-D | M] -- C:\Temp [2011.09.17 08:26:59 | 000,000,000 | RH-D | M] -- C:\Users [2011.12.06 21:33:08 | 000,000,000 | -H-D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Lyhaire\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Lyhaire\AppData\Local\Temp\RarSFX0\h\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.12.06 21:25:13 | 001,008,120 | ---- | M] () MD5=B126E9A5878A0C30775619E640669C91 -- C:\Users\Lyhaire\Downloads\eXplorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lyhaire\AppData\Local\Temp\RarSFX0\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lyhaire\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Extras: txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.12.2011 20:55:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lyhaire\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,11% Memory free
8,00 Gb Paging File | 6,76 Gb Available in Paging File | 84,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,90 Gb Total Space | 8,50 Gb Free Space | 20,79% Space Free | Partition Type: NTFS
Drive E: | 24,41 Gb Total Space | 22,50 Gb Free Space | 92,18% Space Free | Partition Type: NTFS
Drive F: | 424,76 Gb Total Space | 181,43 Gb Free Space | 42,71% Space Free | Partition Type: NTFS
Drive G: | 51,91 Gb Total Space | 47,91 Gb Free Space | 92,31% Space Free | Partition Type: NTFS
Drive H: | 3,80 Gb Total Space | 3,24 Gb Free Space | 85,49% Space Free | Partition Type: FAT32
Computer Name: BANSIDHE | User Name: Lyhaire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = ah] -- C:\Users\Lyhaire\AppData\Local\qht.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- F:\Programme\PS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "F:\Programme\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- F:\Programme\PS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "F:\Programme\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDFFF800-E7AB-D678-4D8E-53B8D57AE925}" = AMD Fuel
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark 2300 Series" = Lexmark 2300 Series
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = AMD VISION Engine Control Center
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy
"{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlogDesk_is1" = BlogDesk 2.8
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.2
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Spyware Doctor" = Spyware Doctor 8.0
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.11.2011 04:05:57 | Computer Name = Bansidhe | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 27.11.2011 14:00:04 | Computer Name = Bansidhe | Source = Windows Backup | ID = 4103
Description =
Error - 29.11.2011 14:26:47 | Computer Name = Bansidhe | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 02.12.2011 15:40:50 | Computer Name = Bansidhe | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 04.12.2011 05:01:32 | Computer Name = Bansidhe | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 04.12.2011 14:00:04 | Computer Name = Bansidhe | Source = Windows Backup | ID = 4103
Description =
Error - 05.12.2011 14:53:57 | Computer Name = Bansidhe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pctsSvc.exe, Version: 7.0.0.147,
Zeitstempel: 0x4ce59256 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xc08b74e9 ID des fehlerhaften
Prozesses: 0x8b4 Startzeit der fehlerhaften Anwendung: 0x01ccb37df6440ac0 Pfad der
fehlerhaften Anwendung: F:\PC Tools Security\pctsSvc.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 7c330220-1f72-11e1-ab65-14dae969b6ca
Error - 06.12.2011 03:14:30 | Computer Name = Bansidhe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.0.4325 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13a8 Startzeit:
01ccb3e42dde42f0 Endzeit: 38311 Anwendungspfad: F:\Programme\Firefox\firefox.exe Berichts-ID:
d7168881-1fd9-11e1-b2a7-14dae969b6ca
Error - 06.12.2011 03:23:10 | Computer Name = Bansidhe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.0.4325 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a0 Startzeit:
01ccb3e7b861d3d0 Endzeit: 15564 Anwendungspfad: F:\Programme\Firefox\firefox.exe Berichts-ID:
199d84f1-1fdb-11e1-ae21-14dae969b6ca
Error - 06.12.2011 14:47:33 | Computer Name = Bansidhe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.0.4325 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cbc Startzeit:
01ccb4471c581ca0 Endzeit: 35848 Anwendungspfad: F:\Programme\Firefox\firefox.exe Berichts-ID:
a9d79741-203a-11e1-b736-14dae969b6ca
[ System Events ]
Error - 06.12.2011 15:51:05 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%5
Error - 06.12.2011 15:51:05 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%5
Error - 06.12.2011 15:51:14 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 06.12.2011 15:51:15 | Computer Name = Bansidhe | Source = PNRPSvc | ID = 102
Description =
Error - 06.12.2011 15:51:15 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%5
Error - 06.12.2011 15:51:15 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%5
Error - 06.12.2011 15:51:15 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 06.12.2011 15:51:18 | Computer Name = Bansidhe | Source = PNRPSvc | ID = 102
Description =
Error - 06.12.2011 15:51:18 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%5
Error - 06.12.2011 15:51:18 | Computer Name = Bansidhe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%5
< End of report >
Was gibt es noch zu tun um meinen PC wieder sauber und keimfrei zu bekommen? Vielen Dank schon mal! Geändert von Lyhaire (06.12.2011 um 22:42 Uhr) |
|
07.12.2011, 19:08
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt?Zitat:
__________________ |
|
07.12.2011, 20:12
| #3 | |
| | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? aktuelle übersicht bei Kaspersky
__________________Zitat:
|
|
07.12.2011, 20:14
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? Mehr steht da nicht? Die Dateinamen zu den Funden fehlen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.12.2011, 20:33
| #5 | |
| | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? Ne da steht nicht mehr in dem bericht zu den erkannten bedrohungen. ich hab noch mal das log was im schutz zenter angezeigt wird kopiert: Zitat:
(wenns relevant ist - das ist ne 30 Tage testversion erstmal) |
|
07.12.2011, 20:43
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt?Zitat:
__________________ --> Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? |
|
07.12.2011, 21:14
| #7 |
| | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? Hm, okay. Ich weiss 100% ich hab nix gecracktes runtergeladen und bin grad selbst etwas irritiert was das ist. Aber ok- trotzdem danke |
|
08.12.2011, 11:15
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? Neuinstallation wäre bei diesem Befall eh anzuraten => ZeroAccess ist ein fieses Rootkit.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt? |
| 64 bit, 64 bit system, adobe, alternate, bearbeitung, bho, bonjour, c:\windows\system32\rundll32.exe, entfernen, entfernt?, error, fehler, firefox, flash player, format, google, google chrome, helper, home, install.exe, internet, internet security 2012, jdownloader, kaspersky, kaspersky anti-virus 2012, logfile, mozilla thunderbird, object, photoshop, plug-in, rarsfx0, registry, required, richtlinie, rundll, scan, security, shell32.dll, software, starten, systemfix, tastatur, vdeck.exe, version=1.0, webcheck, win 7, win 7 security 2012, windows, windows internet |
Linear-Darstellung
