| |
| |||||||
Log-Analyse und Auswertung: Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.01.2012, 23:35
| #16 |
 |  Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.01.2012 23:16:57 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,56% Memory free
7,96 Gb Paging File | 5,88 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 404,45 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1,86 Gb Total Space | 1,18 Gb Free Space | 63,20% Space Free | Partition Type: FAT
Computer Name: DROGOSCH | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03148a20-37c5-4966-a0af-13cf1040e10f}" = Nero 9 Essentials
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A49FC1A9-B40E-4C2E-86B1-0F2C6B00DD60}" = Vocabulary
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"WinLiveSuite" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.01.2012 17:15:39 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.01.2012 17:15:39 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
Error - 03.01.2012 17:15:39 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
Error - 03.01.2012 17:15:40 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.01.2012 17:15:40 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023
Error - 03.01.2012 17:15:40 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
Error - 03.01.2012 19:34:19 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.01.2012 19:34:19 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 03.01.2012 19:34:19 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 03.01.2012 19:34:20 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ Cisco AnyConnect VPN Client Events ]
Error - 02.05.2011 14:13:10 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 36 Invoked Function:
URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 02.05.2011 14:14:54 | Computer Name = Drogosch | Source = vpnui | ID = 67108866
Description = Function: ClientIfcBase::autoConnectIfEnabled File: .\ClientIfcBase.cpp
Line:
570 Invoked Function: ClientIfcBase::connect Return Code: -33554422 (0xFE00000A) Description:
GLOBAL_ERROR_UNKNOWN
Error - 02.05.2011 14:14:54 | Computer Name = Drogosch | Source = vpnui | ID = 67108865
Description = Function: ClientIfcBase::attach File: .\ClientIfcBase.cpp Line: 494 autoConnectIfEnabled()
failed
Error - 02.05.2011 14:15:41 | Computer Name = Drogosch | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
[ System Events ]
Error - 09.01.2012 12:48:40 | Computer Name = Drogosch | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Packard Bell" den Befehl "chkdsk" aus.
Error - 09.01.2012 12:49:19 | Computer Name = Drogosch | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 09.01.2012 14:39:36 | Computer Name = Drogosch | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 10.01.2012 16:51:47 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:48 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:48 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:49 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:27 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:27 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:28 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
|
|
12.01.2012, 06:36
| #17 | ||
| /// Helfer-Team    | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner 1.
__________________Zitat:
Code:
ATTFilter :OTL
PRC - [2011.10.05 23:31:15 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
O3:64bit: - HKLM\..\Toolbar: (no name) - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
[2011.11.19 01:14:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\5043
[2011.11.19 01:13:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\kock
[2011.11.19 01:13:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
► Empfehlungen/Vorschläge: 2. An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen: Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll. Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden! Code:
ATTFilter Du solltest nie deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
um den Autostart von Windows zu gelangen:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart ► "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart Zitat:
Code:
ATTFilter O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren muss! 3. erneut einen Scan mit OTL:
__________________ |
|
12.01.2012, 12:56
| #18 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner All processes killed
__________________========== OTL ========== No active process named FacebookUpdate.exe was found! 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully. C:\Users\Daniel\AppData\Roaming\5043\components folder moved successfully. C:\Users\Daniel\AppData\Roaming\5043 folder moved successfully. C:\Users\Daniel\AppData\Roaming\kock folder moved successfully. C:\Users\Daniel\AppData\Roaming\xmldm folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Daniel ->Temp folder emptied: 1564268 bytes ->Temporary Internet Files folder emptied: 994105 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 37442706 bytes ->Flash cache emptied: 470 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 22071 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 3608677 bytes Total Files Cleaned = 42,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01122012_125203 Files\Folders moved on Reboot... C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
12.01.2012, 13:07
| #19 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner hallo, könnten Sie mir das mir dem Autostart nochmal erklären, also hineinkommen ist kein Problem, aber weis nicht wie ich da irgendwelche Änderungen vornehmen kann... mfg |
|
12.01.2012, 14:50
| #20 | |
| /// Helfer-Team | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner - gehe auf "Start-> Alle Programme-> Autostart...Reiter "Systemstart" - oder "Programme-> Dateien durchsuchen-> im Startmenü schreibst Du "msconfig" rein und wählst Du den "Systemstart" aus. starten-> Extras-> Autostart... oder: Drücke bitte die Tastenkombination [Windows-Taste]+[R], gibt`s Du den Befehl "msconfig" (ohne "") ein, und klicke auf OK.[/COLOR][/SIZE][/B] bei die hier genannten Programme, Häckhen rausnehmen: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
12.01.2012, 15:13
| #21 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.01.2012 15:05:41 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,18% Memory free 7,96 Gb Paging File | 6,04 Gb Available in Paging File | 75,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,66 Gb Total Space | 403,37 Gb Free Space | 89,51% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 1,86 Gb Total Space | 1,18 Gb Free Space | 63,20% Space Free | Partition Type: FAT Computer Name: DROGOSCH | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.09 12:28:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.28 20:14:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.02 22:35:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.25 07:19:30 | 000,061,952 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\firefox.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.09 06:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.12.09 06:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.11.12 02:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.10.28 18:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.14 03:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.09 16:14:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 10:57:02 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll MOD - [2011.10.14 10:57:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll MOD - [2011.10.14 10:03:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 10:03:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 10:03:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.14 10:03:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 10:03:28 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 10:03:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 10:03:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 23:21:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.02.27 04:41:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.02.25 07:19:30 | 000,061,952 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\firefox.exe MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2010.10.28 03:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.10.08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.28 20:14:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.02 22:35:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.26 20:06:01 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.10.29 19:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.28 20:14:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 20:14:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.28 03:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.07.20 10:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.05 22:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..network.proxy.no_proxies_on: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 19:31:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 03:45:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.10 21:54:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Daniel\AppData\Roaming\5043 [2012.01.10 21:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.01.11 23:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\szfr3tp7.default\extensions [2012.01.10 21:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.01.10 21:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.01.08 03:45:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.10 21:54:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 21:21:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 21:21:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 21:21:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 21:21:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590F8133-C064-4BB6-9FA0-00BD017A0412}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9443097F-9960-484F-9F44-D5F904231400}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.12 13:04:20 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.01.11 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\tdsskiller_2.5.5.0 [2012.01.10 23:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.10 22:10:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com [2012.01.10 22:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.01.10 22:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.01.10 22:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.01.10 22:04:16 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.10 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.01.10 21:54:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.01.10 21:54:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.01.10 21:54:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.01.09 19:04:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Virus [2012.01.09 16:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.09 16:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.09 16:09:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe [2012.01.04 23:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vocabulary [2012.01.04 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Eigene Vokabelhefte [2011.12.27 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic [2011.12.27 22:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.12.27 22:37:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\SysWow64\lameACM.acm [2011.12.27 22:36:18 | 016,534,924 | ---- | C] ( ) -- C:\Users\Daniel\Desktop\K-Lite_Codec_Pack_790_Full.exe [2011.12.27 22:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2011.12.27 09:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011.12.16 11:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.16 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.16 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.12.16 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.16 00:54:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.16 00:54:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.16 00:54:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.16 00:54:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.16 00:54:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.16 00:54:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.16 00:54:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.16 00:54:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.16 00:54:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.16 00:54:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.16 00:54:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.15 20:59:28 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.15 20:59:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.15 20:54:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [1 C:\Users\Daniel\AppData\Roaming\*.tmp files -> C:\Users\Daniel\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.12 15:09:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 15:09:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 15:09:06 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.12 15:09:06 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.12 15:09:06 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.12 15:09:06 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.12 15:09:06 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.12 15:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.12 15:01:38 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2012.01.10 22:10:08 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.10 21:54:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.01.10 21:54:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.01.10 21:54:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.01.10 21:54:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.01.09 16:13:22 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.09 12:28:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe [2012.01.08 21:44:01 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.08 19:56:56 | 005,605,280 | ---- | M] () -- C:\Users\Daniel\Desktop\winf programmieren S.125.pdf [2012.01.08 18:23:05 | 000,043,101 | ---- | M] () -- C:\Users\Daniel\Desktop\SII Lo sungen.pdf [2012.01.08 17:50:19 | 000,616,654 | ---- | M] () -- C:\Users\Daniel\Desktop\KLR Skript Zsfassung.pdf [2012.01.04 23:56:26 | 000,003,093 | ---- | M] () -- C:\Users\Daniel\Desktop\Vocabulary 2004.lnk [2012.01.03 03:01:59 | 001,843,358 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0481.JPG [2012.01.03 03:01:58 | 002,002,497 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0479.JPG [2012.01.03 03:01:58 | 001,912,178 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0478.JPG [2012.01.03 03:01:58 | 001,819,277 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0480.JPG [2011.12.27 22:37:04 | 016,534,924 | ---- | M] ( ) -- C:\Users\Daniel\Desktop\K-Lite_Codec_Pack_790_Full.exe [2011.12.16 11:44:56 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.16 11:10:09 | 000,457,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Daniel\AppData\Roaming\*.tmp files -> C:\Users\Daniel\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.10 22:10:08 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.09 16:13:22 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.08 21:44:01 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.08 19:56:56 | 005,605,280 | ---- | C] () -- C:\Users\Daniel\Desktop\winf programmieren S.125.pdf [2012.01.08 18:23:05 | 000,043,101 | ---- | C] () -- C:\Users\Daniel\Desktop\SII Lo sungen.pdf [2012.01.08 17:50:19 | 000,616,654 | ---- | C] () -- C:\Users\Daniel\Desktop\KLR Skript Zsfassung.pdf [2012.01.04 23:56:26 | 000,003,093 | ---- | C] () -- C:\Users\Daniel\Desktop\Vocabulary 2004.lnk [2012.01.04 23:56:26 | 000,003,053 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vocabulary 2004.lnk [2012.01.03 03:00:56 | 001,843,358 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0481.JPG [2012.01.03 03:00:55 | 002,002,497 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0479.JPG [2012.01.03 03:00:55 | 001,819,277 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0480.JPG [2012.01.03 03:00:54 | 001,912,178 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0478.JPG [2011.12.27 22:37:52 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.12.27 22:37:52 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.12.27 22:37:52 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2011.12.27 22:37:51 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.12.27 22:34:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.16 11:44:56 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.19 01:14:01 | 000,000,072 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\blckdom.res [2011.05.06 17:57:32 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.01 20:56:00 | 000,001,164 | ---- | C] () -- C:\Users\Daniel\AppData\Local\9A5FF4EA.il [2011.05.01 20:56:00 | 000,000,280 | ---- | C] () -- C:\Users\Daniel\AppData\Local\IndexIE_9A5FF4EA.il [2011.04.26 23:10:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.22 20:09:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.02.26 20:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.26 19:56:26 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.12.07 15:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2010.12.07 15:05:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.10.30 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2011.08.28 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\digital publishing [2011.05.28 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2011.08.28 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProtectDISC [2011.07.07 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SNS [2012.01.09 02:23:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftGrid Client [2011.11.16 10:09:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\toolplugin [2011.05.17 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TP [2011.11.15 15:27:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
12.01.2012, 15:15
| #22 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.01.2012 15:05:41 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,18% Memory free
7,96 Gb Paging File | 6,04 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 403,37 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1,86 Gb Total Space | 1,18 Gb Free Space | 63,20% Space Free | Partition Type: FAT
Computer Name: DROGOSCH | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03148a20-37c5-4966-a0af-13cf1040e10f}" = Nero 9 Essentials
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A49FC1A9-B40E-4C2E-86B1-0F2C6B00DD60}" = Vocabulary
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"WinLiveSuite" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.01.2012 16:55:28 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
Error - 05.01.2012 16:55:28 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
Error - 05.01.2012 16:55:29 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.01.2012 16:55:29 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
Error - 05.01.2012 16:55:29 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
Error - 05.01.2012 16:55:30 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.01.2012 16:55:30 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023
Error - 05.01.2012 16:55:30 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
Error - 05.01.2012 16:55:36 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.01.2012 16:55:36 | Computer Name = Drogosch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
[ Cisco AnyConnect VPN Client Events ]
Error - 02.05.2011 14:13:10 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 36 Invoked Function:
URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 02.05.2011 14:13:18 | Computer Name = Drogosch | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 02.05.2011 14:14:54 | Computer Name = Drogosch | Source = vpnui | ID = 67108866
Description = Function: ClientIfcBase::autoConnectIfEnabled File: .\ClientIfcBase.cpp
Line:
570 Invoked Function: ClientIfcBase::connect Return Code: -33554422 (0xFE00000A) Description:
GLOBAL_ERROR_UNKNOWN
Error - 02.05.2011 14:14:54 | Computer Name = Drogosch | Source = vpnui | ID = 67108865
Description = Function: ClientIfcBase::attach File: .\ClientIfcBase.cpp Line: 494 autoConnectIfEnabled()
failed
Error - 02.05.2011 14:15:41 | Computer Name = Drogosch | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
[ System Events ]
Error - 09.01.2012 12:49:19 | Computer Name = Drogosch | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 09.01.2012 14:39:36 | Computer Name = Drogosch | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 10.01.2012 16:51:47 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:48 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:48 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.01.2012 16:51:49 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:27 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:27 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 11.01.2012 17:54:28 | Computer Name = Drogosch | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.01.2012 08:46:50 | Computer Name = Drogosch | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
< End of report >
|
|
13.01.2012, 08:18
| #23 | |
| /// Helfer-Team | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner 1. Programme deinstallieren: Zitat:
Vor dem nächsten Schritt, also bevor wir weitermachen: Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw) ►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks Mache das jetzt bitte! 3. Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment). Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint. Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread. Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop. Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen. Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
13.01.2012, 23:11
| #24 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner Hi, Habe nun alles gemacht, allerdings vergessen diese widerherstellungs Datei zu installieren, jetzt komm ich nicht mehr ins Internet da er sagt ein registrierungsschlussel einem unzulässigen Vorgang zu unterziehen, der zum löschen makiert wurde... Was soll ich jetzt machen? |
|
14.01.2012, 07:12
| #25 | |
| /// Helfer-Team | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner kann nicht nachvollziehen was da vorgefallen ist und ob das hilft..es ist einen Versuch wert zu machen: wo noch dein System noch einwandfrei funktioniert hat (bevor das Problem aufgetreten ist), die Systemwiederherstellung ist einen Versuch Wert!: - Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen. Zitat:
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis) ► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können? Nenne mir bitte das früheste Datum auch, welches genau Du ausgewählt hast!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
14.01.2012, 09:59
| #26 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner Habe jetzt keine Systemwiederherstellung gemacht, habe den Rechner eben eingeschalten und iwie kann ich doch wieder ins internet |
|
14.01.2012, 10:00
| #27 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner Combofix Logfile: Code:
ATTFilter ComboFix 12-01-09.03 - Daniel 13.01.2012 22:46:01.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2349 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\4.0
c:\users\Daniel\AppData\Roaming\AcroIEHelpe.txt
c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\firefox.exe
c:\users\Daniel\AppData\Roaming\srvblck2.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-13 bis 2012-01-13 ))))))))))))))))))))))))))))))
.
.
2012-01-13 21:49 . 2012-01-13 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 21:29 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57451539-4E3A-42F6-99DE-8859B758C7CE}\mpengine.dll
2012-01-12 14:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 14:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 14:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 14:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 14:14 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 14:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 14:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 14:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 22:18 . 2012-01-10 22:18 -------- d-----w- c:\program files (x86)\ESET
2012-01-10 21:10 . 2012-01-10 21:10 -------- d-----w- c:\users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-01-10 21:09 . 2012-01-10 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-10 21:09 . 2012-01-10 21:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-10 21:04 . 2012-01-10 21:04 -------- d-----w- C:\_OTL
2012-01-10 20:55 . 2012-01-10 20:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-10 20:54 . 2012-01-10 20:54 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-09 15:13 . 2012-01-09 15:13 -------- d-----w- c:\program files\CCleaner
2012-01-08 02:45 . 2012-01-08 02:45 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 02:45 . 2012-01-08 02:45 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 02:45 . 2012-01-08 02:45 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 02:45 . 2012-01-08 02:45 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-04 22:56 . 2012-01-04 22:56 -------- d-----w- c:\program files (x86)\Vocabulary
2011-12-27 21:38 . 2012-01-10 20:57 -------- d-----w- c:\users\Daniel\AppData\Roaming\Media Player Classic
2011-12-27 21:37 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-12-27 21:37 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-12-27 21:37 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-12-27 21:37 . 2011-10-28 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-12-27 21:34 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-12-27 21:34 . 2011-12-27 21:38 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-12-27 08:46 . 2011-12-27 08:46 -------- d-----w- c:\programdata\Hewlett-Packard
2011-12-27 08:46 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-16 10:44 . 2011-12-16 10:44 -------- d-----w- c:\program files\iTunes
2011-12-16 10:44 . 2011-12-16 10:44 -------- d-----w- c:\program files (x86)\iTunes
2011-12-16 10:44 . 2011-12-16 10:44 -------- d-----w- c:\program files\iPod
2011-12-15 19:59 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:59 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:54 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:54 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 19:54 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 19:53 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 20:54 . 2011-05-28 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-02 10:27 . 2011-12-02 10:27 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-20 22:57 . 2011-11-20 22:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2010-11-12 257344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-26 11619432]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-10-29 860040]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\szfr3tp7.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Mozilla Firefox - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\firefox.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-13 22:54:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-13 21:54
.
Vor Suchlauf: 9 Verzeichnis(se), 432.966.774.784 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 432.808.849.408 Bytes frei
.
- - End Of File - - D2EA859712F52335E97AF2DA3801A6EB
|
|
14.01.2012, 10:16
| #28 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner Bin nun seit 20min im Internet ohne einen Blockierungsvorfall, vermute mal (weis nicht ob man das so pauschal behaupten kann) das der Virus beseitigt ist. Gibt es sonst noch irgendwas was ich machen sollte oder ab nun beachten muss o.ä.? Soll ich die ganzen Programme wie Ottl, antispy etc wieder löschen? Und könnt ihr mir Programme empfehlen welche mich zukünftig besser im netz schützen... Und Danke euch für die Hilfe, ihr seit echt TOP. |
|
16.01.2012, 05:21
| #29 |
| /// Helfer-Team | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner zur Nachkontrolle: erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
20.01.2012, 19:41
| #30 |
| | Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.01.2012 19:37:38 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,88% Memory free 7,96 Gb Paging File | 6,06 Gb Available in Paging File | 76,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,66 Gb Total Space | 405,89 Gb Free Space | 90,06% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DROGOSCH | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.09 12:28:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe PRC - [2011.10.05 23:31:15 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2011.06.28 20:14:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.02 22:35:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.09 06:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.12.09 06:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.11.12 02:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.10.28 18:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.14 03:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.09 16:14:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 10:57:02 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll MOD - [2011.10.14 10:57:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll MOD - [2011.10.14 10:03:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 10:03:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 10:03:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.14 10:03:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 10:03:28 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 10:03:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 10:03:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 23:21:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.02.27 04:41:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2010.10.28 03:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.10.08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011.06.28 20:14:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.02 22:35:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.26 20:06:01 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.10.29 19:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.28 20:14:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 20:14:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.28 03:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.07.20 10:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.05 22:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..network.proxy.no_proxies_on: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 19:31:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 03:45:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.10 21:54:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Daniel\AppData\Roaming\5043 [2012.01.10 21:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.01.11 23:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\szfr3tp7.default\extensions [2012.01.10 21:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.01.10 21:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.01.08 03:45:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.10 21:54:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 21:21:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 21:21:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 21:21:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 21:21:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.01.13 22:50:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590F8133-C064-4BB6-9FA0-00BD017A0412}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9443097F-9960-484F-9F44-D5F904231400}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.20 13:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.01.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.17 19:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.01.16 01:26:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\flash111 [2012.01.16 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.01.16 01:19:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Google [2012.01.16 01:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.01.13 23:06:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.13 23:06:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.13 23:06:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.13 23:06:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.13 23:06:05 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.13 23:06:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.13 22:50:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.01.13 22:45:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.13 22:45:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.13 22:45:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.13 22:45:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.13 22:45:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.12 15:14:16 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.12 15:14:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.12 15:14:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.12 15:14:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.12 15:14:15 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.12 15:14:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.12 15:14:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.12 13:04:20 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.01.11 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\tdsskiller_2.5.5.0 [2012.01.10 23:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.10 22:10:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com [2012.01.10 22:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.01.10 22:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.01.10 22:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.01.10 22:04:16 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.10 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.01.10 21:54:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.01.10 21:54:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.01.10 21:54:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.01.09 19:04:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Virus [2012.01.09 16:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.09 16:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.09 16:09:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe [2012.01.04 23:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vocabulary [2012.01.04 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Eigene Vokabelhefte [2011.12.27 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic [2011.12.27 22:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.12.27 22:37:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\SysWow64\lameACM.acm [2011.12.27 22:36:18 | 016,534,924 | ---- | C] ( ) -- C:\Users\Daniel\Desktop\K-Lite_Codec_Pack_790_Full.exe [2011.12.27 22:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2011.12.27 09:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard ========== Files - Modified Within 30 Days ========== [2012.01.20 19:21:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.20 18:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.20 18:37:13 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.20 18:37:13 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.20 18:37:13 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.20 18:37:13 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.20 18:37:13 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.20 13:29:42 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.19 20:34:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.19 20:29:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.19 20:29:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.18 22:37:18 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2012.01.17 19:48:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.13 22:50:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.10 22:10:08 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.10 21:54:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.01.10 21:54:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.01.10 21:54:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.01.10 21:54:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.01.09 16:13:22 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.09 12:28:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\24960-OTL.exe [2012.01.08 19:56:56 | 005,605,280 | ---- | M] () -- C:\Users\Daniel\Desktop\winf programmieren S.125.pdf [2012.01.08 18:23:05 | 000,043,101 | ---- | M] () -- C:\Users\Daniel\Desktop\SII Lo sungen.pdf [2012.01.08 17:50:19 | 000,616,654 | ---- | M] () -- C:\Users\Daniel\Desktop\KLR Skript Zsfassung.pdf [2012.01.04 23:56:26 | 000,003,093 | ---- | M] () -- C:\Users\Daniel\Desktop\Vocabulary 2004.lnk [2012.01.03 03:01:59 | 001,843,358 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0481.JPG [2012.01.03 03:01:58 | 002,002,497 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0479.JPG [2012.01.03 03:01:58 | 001,912,178 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0478.JPG [2012.01.03 03:01:58 | 001,819,277 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_0480.JPG [2011.12.27 22:37:04 | 016,534,924 | ---- | M] ( ) -- C:\Users\Daniel\Desktop\K-Lite_Codec_Pack_790_Full.exe ========== Files Created - No Company Name ========== [2012.01.20 13:29:42 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.17 19:48:10 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.17 19:48:09 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.13 22:45:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.13 22:45:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.13 22:45:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.13 22:45:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.13 22:45:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.10 22:10:08 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.09 16:13:22 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.08 19:56:56 | 005,605,280 | ---- | C] () -- C:\Users\Daniel\Desktop\winf programmieren S.125.pdf [2012.01.08 18:23:05 | 000,043,101 | ---- | C] () -- C:\Users\Daniel\Desktop\SII Lo sungen.pdf [2012.01.08 17:50:19 | 000,616,654 | ---- | C] () -- C:\Users\Daniel\Desktop\KLR Skript Zsfassung.pdf [2012.01.04 23:56:26 | 000,003,093 | ---- | C] () -- C:\Users\Daniel\Desktop\Vocabulary 2004.lnk [2012.01.04 23:56:26 | 000,003,053 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vocabulary 2004.lnk [2012.01.03 03:00:56 | 001,843,358 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0481.JPG [2012.01.03 03:00:55 | 002,002,497 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0479.JPG [2012.01.03 03:00:55 | 001,819,277 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0480.JPG [2012.01.03 03:00:54 | 001,912,178 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0478.JPG [2011.12.27 22:37:52 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.12.27 22:37:52 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.12.27 22:37:52 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2011.12.27 22:37:51 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.12.27 22:34:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.19 01:14:01 | 000,000,072 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\blckdom.res [2011.05.06 17:57:32 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.01 20:56:00 | 000,001,164 | ---- | C] () -- C:\Users\Daniel\AppData\Local\9A5FF4EA.il [2011.05.01 20:56:00 | 000,000,280 | ---- | C] () -- C:\Users\Daniel\AppData\Local\IndexIE_9A5FF4EA.il [2011.04.26 23:10:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.22 20:09:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.02.26 20:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.26 19:56:26 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.12.07 15:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2010.12.07 15:05:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.10.30 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2011.08.28 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\digital publishing [2011.05.28 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2011.08.28 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProtectDISC [2011.07.07 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SNS [2012.01.09 02:23:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftGrid Client [2011.11.16 10:09:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\toolplugin [2011.05.17 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TP [2011.11.15 15:27:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
| Themen zu Aus Sicherheitsgründen wurde ihre Windows systemherstellung blockiert Trojaner |
| abend, achtung, ahnung, aus sicherheitsgründen, blockiert, ellung, erschein, erscheint, garnichts, guten, hoffe, inter, interne, internetverbindung, min, problem, schei, sicherheitsgründe, sicherheitsgründen, troja, trojane, trojaner, verbindung, windows, überhaupt |
.
Linear-Darstellung
