
Log analysis and evaluation: Trojan! System was locked for security reasons.


 
27.12.2011, 18:07   #1
siggi123

Trojan! System was locked for security reasons.



Hello, today I caught the Trojan that displays the message “System wurde aus Sicherheitsgründen gesperrt.” (“System was locked for security reasons.”)

After booting into Safe Mode I was able to run “HijackThis” and evaluate the log on another PC.
That way I was able to identify and delete the exe file that opened at startup.
It was an iexploer.exe under C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer

After deleting the file my computer works again. I would now just like to know whether the problem has been completely resolved. In addition, when starting some programs (from the taskbar), such as Firefox or Word, I get the error that the file paths have been moved.

I have a Windows 7 64-bit system. The log files are in the attachment.

Oh, and I ran defogger as admin. It did not ask for a restart and did not do anything else either.
S&D and Malwarebytes Anti-Malware did not find anything more on the PC. Neither did AntiVir, but it had already found nothing in Safe Mode when the Trojan was still there.



Code:
OTL logfile created on: 27.12.2011 17:41:13 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Siggi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,89% Memory free
7,99 Gb Paging File | 6,08 Gb Available in Paging File | 76,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 38,10 Gb Free Space | 31,98% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 329,75 Gb Free Space | 70,80% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 220,86 Gb Total Space | 170,05 Gb Free Space | 76,99% Space Free | Partition Type: NTFS
Drive H: | 7,47 Gb Total Space | 6,86 Gb Free Space | 91,73% Space Free | Partition Type: FAT32
 
Computer Name: SIGGI-PC | User Name: Siggi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Siggi\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\TS3\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Programme\TS3\plugins\clientquery_plugin.dll ()
MOD - D:\Programme\TS3\soundbackends\windowsaudiosession_win32.dll ()
MOD - D:\Programme\TS3\soundbackends\directsound_win32.dll ()
MOD - D:\Programme\TS3\plugins\appscanner_plugin.dll ()
MOD - D:\Programme\TS3\QtGui4.dll ()
MOD - D:\Programme\TS3\QtCore4.dll ()
MOD - D:\Programme\TS3\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll ()
MOD - C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll ()
MOD - D:\Programme\TS3\imageformats\_old_qjpeg4.dll ()
MOD - D:\Programme\TS3\imageformats\_old_qgif4.dll ()
MOD - C:\Windows\DAODx.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (Magic Tune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 01 33 4A 37 BF CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Reader10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.26 22:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.26 22:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.21 19:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.21 19:36:42 | 000,000,000 | ---D | M]
 
[2010.12.01 20:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siggi\AppData\Roaming\mozilla\Extensions
[2010.12.01 20:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siggi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.23 15:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siggi\AppData\Roaming\mozilla\Firefox\Profiles\yv5k50de.default\extensions
[2011.12.27 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.02 11:36:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.02 12:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 14:45:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 15:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.27 11:25:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.04.26 22:09:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.26 22:09:52 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.07 11:16:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 11:16:26 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 11:16:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.07 11:16:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.07 11:16:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.27 17:20:16 | 000,439,956 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15125 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKCU..\Run: [iexploer.exe] C:\Users\Siggi\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\PLUGINS\Npcdp32.dll (CambridgeSoft.Com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{549DBD61-C3E1-430C-AD3B-DBB6BA87D162}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e667fb04-fd6e-11df-8e62-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e667fb04-fd6e-11df-8e62-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 16:51:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Siggi\Desktop\OTL.exe
[2011.12.27 13:25:33 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{B328F867-5265-4669-8E3E-608B49A6D7EC}
[2011.12.27 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{5F25E6FC-1504-41BF-9B08-75C791069222}
[2011.12.26 13:34:57 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{76502099-7A10-4B7E-8A05-44F48802A1A1}
[2011.12.25 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{0E2CD1CA-3189-4210-9553-5CFC52C45480}
[2011.12.25 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{094C389D-BFFD-4D66-891E-8EDC56FAB003}
[2011.12.24 12:30:59 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{E8488BDE-FCF6-4361-9AE1-A75EC6A3592F}
[2011.12.24 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{58E1AC49-BB7A-457E-8DC2-B369D3F1C77B}
[2011.12.23 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{DC4B2874-5B18-4F9C-84C6-77040A826E90}
[2011.12.23 16:10:28 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3E94D341-2F61-42F9-95D3-0CA2406058B4}
[2011.12.23 11:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
[2011.12.23 11:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BinarySense
[2011.12.23 11:22:06 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{CEDE75BC-1BF9-4D0B-99DD-5F0E0EE7171E}
[2011.12.23 11:21:43 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{264A42BD-7FAB-4CAF-BEEB-6581E73A0E4D}
[2011.12.22 15:16:00 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{C7203CA9-DEFB-4A2F-BFD9-421DF24C1A11}
[2011.12.22 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{89378933-57A8-492A-85D4-D1C7C3819D25}
[2011.12.22 11:36:45 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{FEAB741E-40C5-4205-8339-D3CE31B3C182}
[2011.12.21 19:04:14 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{BBA437C6-0C4D-48B4-BCF1-CEC5285EB99B}
[2011.12.21 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{80867720-C5B9-4A25-BFE5-6AF4624709E1}
[2011.12.20 17:45:18 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{0C3D28B7-CB7C-42A1-BA9A-222010480EE6}
[2011.12.20 17:44:57 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3AEEE537-730C-4DF8-9502-7F2BF9904D58}
[2011.12.19 17:28:52 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{570B13B9-E91F-4DFB-87EA-5E08C26D1F39}
[2011.12.19 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{5EF65840-CD8A-43A2-AFDA-523A39904A7B}
[2011.12.18 13:10:28 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{54FF3DD8-6B17-4FE1-8DA4-95B44D03DD16}
[2011.12.18 13:10:06 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3AEBEC6E-4E00-4DB0-84DF-70D9147B5A55}
[2011.12.17 11:52:41 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{398C19CB-3B92-436E-8A03-E06A028E863B}
[2011.12.17 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{A3A11522-3862-4DFC-9FB3-78F146D3987A}
[2011.12.16 18:14:50 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{CC5E390D-26C7-4358-A886-372798FCE332}
[2011.12.16 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{199B749F-7756-487A-8278-1985855CF8A1}
[2011.12.15 17:10:27 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{F6C01BDA-EDEB-4139-B72E-5064D83D568C}
[2011.12.15 17:10:16 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{D9B8F578-113F-4667-A123-906C71E0D3B2}
[2011.12.14 18:55:31 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{BBE00D8C-198E-435B-A910-CEB09FA8E0F4}
[2011.12.14 18:46:57 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{F4C1E7D9-7875-4641-8638-6B0022242544}
[2011.12.14 18:04:02 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{8381431F-2926-4002-8117-C0BBD2AE04DE}
[2011.12.14 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{A630CC3F-B8B8-4C68-A3C4-0E124FA8EE40}
[2011.12.13 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{AFABC5BB-7715-4D39-AE32-90967BAFA398}
[2011.12.13 18:24:54 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{F2A24672-1BE6-4A87-A9ED-E8245E95436B}
[2011.12.12 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{DFE55DBB-C4F2-4786-89A6-069471C180BE}
[2011.12.12 19:23:18 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{47231922-97E7-48FB-B016-634D2E0BA8A6}
[2011.12.12 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{EF42163C-EA3F-4F3A-AE7A-BBFBE784CF56}
[2011.12.11 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{008BD398-4823-48C5-9474-FCF702CBF847}
[2011.12.11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{045A4CBA-072E-4317-9C8F-0EE288A9D7C4}
[2011.12.10 14:07:33 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3BEB0104-920A-4DD7-9A42-8C30B63737C3}
[2011.12.10 14:07:22 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{B59B20B9-28BA-4533-87F5-17589F945BBC}
[2011.12.09 13:25:02 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{0F7830BA-5E7D-4036-BE56-F41080B26352}
[2011.12.09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{BDA098B2-66A2-4E18-A9A3-5C13F3C65FFC}
[2011.12.09 01:48:35 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{DACAD6F3-BB09-45A4-A791-0B094255113C}
[2011.12.08 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{B5D8C887-3A0F-4775-8ED6-57B658622193}
[2011.12.08 12:51:44 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{629C6F96-C382-40EB-B347-6EA44A4C354D}
[2011.12.07 12:58:53 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{4A4A2C1A-6C8B-4ED2-BFF3-6E1EDF7A3C88}
[2011.12.06 12:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.06 12:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.12.06 12:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011.12.06 12:34:41 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{F1800ADC-E24A-47C7-84B7-8A7F8254CD28}
[2011.12.06 12:34:26 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{B308B0FE-80CA-4D07-ADB7-3F5D4801D61A}
[2011.12.05 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{2B7C27F0-7751-4D90-91A5-6B8A1DB76537}
[2011.12.05 12:32:19 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{BB44C220-DE19-40F1-B09B-22559D0EC202}
[2011.12.04 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{4177CEB6-685B-4CC5-B5DE-98C17599CC99}
[2011.12.03 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\Siggi\Documents\Star Wars - The Old Republic
[2011.12.03 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Siggi\Documents\HeroBlade Logs
[2011.12.03 18:02:16 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{26C92C44-8AED-421D-9399-D778D2C47590}
[2011.12.03 18:02:05 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3BD14D84-7794-4420-8DFE-025684D83F24}
[2011.12.03 15:32:44 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{8A8B6D67-458A-4445-A872-577CB430EB1E}
[2011.12.03 12:49:56 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{3E722424-1373-4124-85B8-957F2B7FE695}
[2011.12.02 20:07:51 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{07057D14-E0A0-4912-A978-0EF57705289D}
[2011.12.02 20:07:40 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{D90226D1-A30D-41EC-9481-12F9B8FD6A63}
[2011.12.01 23:14:14 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{A6C2020C-BCC0-4049-8010-C33F60EF4876}
[2011.12.01 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{B78A5BE7-986F-4594-AF1A-3192548202DE}
[2011.11.30 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{42E7C10E-A073-4C05-BC5E-07A352E1DC5B}
[2011.11.30 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{1A9629BB-3343-49FA-AD14-0F572F09C17B}
[2011.11.30 11:23:49 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{AE452F27-33CA-480E-9EB4-0FD598752926}
[2011.11.30 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{73C546C9-B984-4C31-9F93-05F9622F9783}
[2011.11.29 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{2976766A-EAE8-4BB5-ABA7-E59C1B350C56}
[2011.11.29 11:08:42 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{59237F6F-3F79-407E-806D-8A1675A0CF0A}
[2011.11.27 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Siggi\AppData\Local\{96BB8EED-93C0-4C8B-B562-C3D0C9E1ADAB}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 17:40:22 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 17:40:22 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 17:40:17 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.27 17:40:17 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.27 17:40:17 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.27 17:40:17 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.27 17:40:17 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.27 17:38:35 | 000,000,000 | ---- | M] () -- C:\Users\Siggi\defogger_reenable
[2011.12.27 17:34:34 | 000,000,721 | ---- | M] () -- C:\Users\Siggi\Desktop\World of Warcraft.lnk
[2011.12.27 17:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 17:33:10 | 3219,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 17:20:16 | 000,439,956 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.27 17:18:58 | 000,050,477 | ---- | M] () -- C:\Users\Siggi\Desktop\Defogger.exe
[2011.12.27 16:58:53 | 000,008,012 | ---- | M] () -- C:\Users\Siggi\Desktop\Extras.rar
[2011.12.27 16:58:49 | 000,011,105 | ---- | M] () -- C:\Users\Siggi\Desktop\OTL.rar
[2011.12.27 16:52:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Siggi\Desktop\OTL.exe
[2011.12.21 19:15:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.21 19:15:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.13 00:05:51 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.06 21:03:54 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.06 21:03:19 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.29 02:07:07 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 17:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Siggi\defogger_reenable
[2011.12.27 17:38:00 | 000,050,477 | ---- | C] () -- C:\Users\Siggi\Desktop\Defogger.exe
[2011.12.27 16:58:53 | 000,008,012 | ---- | C] () -- C:\Users\Siggi\Desktop\Extras.rar
[2011.12.27 16:58:49 | 000,011,105 | ---- | C] () -- C:\Users\Siggi\Desktop\OTL.rar
[2011.11.24 15:20:38 | 002,580,552 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.24 14:40:52 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.24 14:40:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.27 22:37:10 | 000,007,597 | ---- | C] () -- C:\Users\Siggi\AppData\Local\Resmon.ResmonCfg
[2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.03 11:53:16 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.05 23:01:06 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.09.05 23:01:06 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.09.05 23:01:06 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.17 18:01:52 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.04.02 19:32:39 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.02.27 15:18:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.01.10 11:59:27 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.13 11:53:46 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.10 17:15:41 | 000,259,302 | ---- | C] () -- C:\Windows\hpwins19.dat
[2010.12.10 17:15:41 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2010.12.06 20:25:44 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.03 20:58:54 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010.12.01 20:18:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.12.01 20:18:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.12.01 20:18:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.12.01 20:18:01 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.12.01 18:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.01 18:26:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.01 18:26:12 | 000,031,469 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.09.14 16:17:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.03.30 07:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
 
========== LOP Check ==========
 
[2010.12.01 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Canneverbe Limited
[2011.09.09 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Hi-Rez Studios
[2011.10.19 18:10:19 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\ICQ
[2010.12.01 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Leadertech
[2011.05.27 17:24:33 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\LolClient
[2010.12.02 11:37:43 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\OpenOffice.org
[2011.10.26 17:19:13 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Origin
[2010.12.01 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Thunderbird
[2011.03.22 20:59:19 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\TuneUp Software
[2011.11.23 00:22:37 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Ubisoft
[2011.03.24 01:09:36 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\wargaming.net
[2010.12.16 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Windows Live Writer
[2011.09.28 11:06:21 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\WordToPDF
[2011.11.29 16:32:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4FC01C57

< End of report >
         

 
