![]() |
|
Log-Analyse und Auswertung: Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe Hallo Liebe Foren-Gemeinde, mein Großvater hat mir gestern seinen Rechner vorbeigebracht mit einem Problem, er sagte mir er könne nicht mehr Google verwenden und er würde langsam werden. Es handelt sich um einen Windows XP Rechner mit Installiertem Service Pack 3. Das System ist ein 32 Bit System. Nachdem ich nun den AVG Virenscanner im normalen Modus laufen lassen habe, hat dieser den Trojaner PSW.Generic.RDX gefunden. Und zwar einmal im RAM und einmal in der services.exe im System32 Ordner. Den im RAM konnte der AVG wohl entfernen, aber den im System32 Ordner wohl nicht. Also habe ich das ganze noch einmal im Abgesicherten Modus wiederholt, dort hat er aber gar nicht erst etwas gefunden. Als ich nun den Rechner wieder normal bootete, und AVG erneut Scannen lies (Zur Sicherheit) tauchte der Trojaner immernoch auf und nun noch zusätzlich in der iexplorer.exe Gibt es eine Möglichkeit das System noch zu säubern oder komme ich um eine Neu-Installation nicht herum? Habe euch auch die passenden Log Files mit geliefert. Falls noch etwas gewünscht wird, sagt es ruhig ![]() OTL.txt Code:
ATTFilter OTL logfile created on: 31.12.2011 18:33:16 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\xxxxxxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 436,32 Mb Available Physical Memory | 42,98% Memory free 3,87 Gb Paging File | 3,43 Gb Available in Paging File | 88,62% Paging File free Paging file location(s): C:\pagefile.sys 3048 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 137,04 Gb Total Space | 97,40 Gb Free Space | 71,08% Space Free | Partition Type: NTFS Computer Name: LUFIFESKTOP | User Name: xxxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2011.04.18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe PRC - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe PRC - [2011.03.16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe PRC - [2011.02.08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll MOD - [2011.11.14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Programme\PC Tools Security\BDT\BSPatch.dll MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (Norton Internet Security) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater) SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService) SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg) DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD) DRV - [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS) DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.04.14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA) DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA) DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA) DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.09.01 12:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2011.12.31 14:03:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions [2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18 [2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.12.31 14:03:39 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAMME\PC TOOLS SECURITY\BDT\FIREFOX [2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "WTGService" MsConfig - Services: "WMPNetworkSvc" MsConfig - Services: "TomTomHOMEService" MsConfig - Services: "RichVideo" MsConfig - Services: "Pml Driver HPZ12" MsConfig - Services: "PCLEPCI" MsConfig - Services: "osppsvc" MsConfig - Services: "ose" MsConfig - Services: "Norton Internet Security" MsConfig - Services: "JavaQuickStarterService" MsConfig - Services: "GameConsoleService" MsConfig - Services: "ETService" MsConfig - Services: "!SASCORE" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: eRecoveryService - hkey= - key= - File not found MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig - StartUpReg: USB2Check - hkey= - key= - File not found MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxx\Desktop\OTL.exe [2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Threat Expert [2011.12.31 14:03:37 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys [2011.12.31 14:03:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll [2011.12.31 14:03:35 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2011.12.31 14:03:35 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2011.12.31 13:59:30 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys [2011.12.31 13:59:30 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys [2011.12.31 13:59:23 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2011.12.31 13:58:53 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2011.12.31 13:58:53 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2011.12.31 13:58:35 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys [2011.12.31 13:58:35 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys [2011.12.31 13:58:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security [2011.12.31 13:58:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2011.12.31 13:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools [2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security [2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro [2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Eigene Dateien\Downloads [2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search [2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search [2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable [2011.12.31 18:26:40 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.12.31 18:26:40 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.12.31 18:26:40 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.12.31 18:26:40 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe [2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe [2011.12.31 18:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.31 18:21:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys [2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe [2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job [2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk [2011.12.31 13:59:58 | 000,600,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB [2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe [2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011.12.31 10:44:33 | 091,376,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011.12.31 10:25:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI [2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI [2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Meine Finanzen.mny [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable [2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe [2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe [2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys [2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk [2011.12.31 14:03:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2011.12.31 14:03:36 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip [2011.12.31 14:03:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2011.12.31 14:03:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2011.12.31 14:03:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2011.12.31 13:59:32 | 000,600,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB [2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe [2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI [2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini [2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat [2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin [2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini [2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll [2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll [2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll [2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll [2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll [2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll [2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe [2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat [2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro [2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio [2011.12.31 18:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent [2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search [2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG10 [2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\OpenOffice.org [2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\proDAD [2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\TomTom [2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.15 12:10:53 | 000,000,000 | -H-D | M] -- C:\$AVG [2010.05.09 11:59:02 | 000,000,000 | ---D | M] -- C:\a46e3e7a20cc69a3039b15ac07 [2010.05.09 10:56:54 | 000,000,000 | -H-D | M] -- C:\ACER [2010.05.09 10:56:48 | 000,000,000 | -H-D | M] -- C:\ACERSW [2010.05.13 15:27:03 | 000,000,000 | ---D | M] -- C:\bin [2009.02.26 03:09:39 | 000,000,000 | ---D | M] -- C:\Book [2011.12.31 13:59:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2011.09.27 14:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.09.11 08:23:36 | 000,000,000 | ---D | M] -- C:\DOTNETFX [2011.09.10 09:30:48 | 000,000,000 | ---D | M] -- C:\Downloads [2011.08.31 22:33:59 | 000,000,000 | ---D | M] -- C:\i386 [2009.02.26 02:58:04 | 000,000,000 | ---D | M] -- C:\Intel [2010.06.14 17:37:06 | 000,000,000 | ---D | M] -- C:\Microsoft Money Sicherung [2011.01.23 15:38:28 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.05.09 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files [2011.12.31 13:20:14 | 000,000,000 | R--D | M] -- C:\Programme [2010.05.09 11:12:16 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.12.31 13:59:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.09.11 08:23:33 | 000,000,000 | ---D | M] -- C:\VALUEADD [2011.12.31 18:22:02 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys [2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\i386\REGEDIT.EXE [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.06.06 12:35:26 | 001,859,072 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 11:47:58 < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84 < End of report > |
Themen zu Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe |
0x00000001, 32 bit, alternate, avg, avg secure search, avg security toolbar, bho, browser, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, cid, document, einstellungen, entfernen, excel.exe, firefox, format, google, home, langsam, logfile, plug-in, popup, problem, realtek, registry, required, rundll, scan, secure search, security, security update, services.exe, sicherheit, system, trojaner, vtoolbarupdater, win32k.sys, windows, windows xp |