| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System Check Virus + Gema Trojaner eingefangen...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.03.2012, 14:56
| #1 |
 |  System Check Virus + Gema Trojaner eingefangen... Hallo zusammen, ich habe mir vor 2 Tagen den System Check Virus eingefangen + die Woche davor den Gema Trojaner (danach lief mein Laptop eigtl. noch ganz gut  ) Naja spätestens seit "System Check" geht nichts mehr...ich habe die Malwarebytes Software gestern durchlaufen lassen und sage und schreibe 21 Viren entfernt...jetzt ist das komplette System Check Fenster weg aber leider sind meine ganzen Dateien noch "versteckt".Ich wäre Euch sehr dankbar wenn sich jemand mir annimmt und weiter helfen kann! beste Grüße Jo Ich hab jetzt nachdem ich einige Themen mit den gleichen Problemen durchgelesen habe zwei OTL Log files mit dem OTL (Old Timer Scanner) erstellt. Welche wie folgt aussehen [quote] OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 21.03.2012 15:06:45 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Jo\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free 3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe () PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB) PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) PRC - c:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) PRC - c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.) PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avformat-53.dll () MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avcodec-53.dll () MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\gcswf32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Notepad++\NppShell_01.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe () SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB) SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.) SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.) SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys () DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.) DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.) DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.) DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.) DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.) DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC) DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC) DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46} IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\ CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes [2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2012.03.19 23:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.03.19 23:34:46 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD [2012.03.19 23:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999) [2012.03.18 18:23:54 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\UAs [2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.03.18 13:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Local\Google [2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.03.18 13:35:09 | 003,628,016 | -H-- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe [2012.03.17 21:12:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\xmldm [2012.03.17 21:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\kock [2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\gema [2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\gema [2012.03.15 03:01:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.03.15 03:01:03 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.14 14:51:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 14:51:53 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 14:50:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.03.14 14:50:17 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.03.14 14:50:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.03.14 14:50:16 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012.03.10 21:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber [2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber [1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.21 14:47:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.21 14:09:14 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.21 14:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.21 14:08:47 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys [2012.03.20 21:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.20 21:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.20 21:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.20 21:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2012.03.19 23:43:51 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm [2012.03.19 23:42:10 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm [2012.03.19 23:42:10 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr [2012.03.19 23:42:09 | 000,000,655 | -H-- | M] () -- C:\Users\Jo\Desktop\System Check.lnk [2012.03.19 23:27:07 | 041,363,404 | -H-- | M] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip [2012.03.19 22:06:28 | 152,825,420 | -H-- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3 [2012.03.19 16:06:48 | 000,005,624 | -H-- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll [2012.03.18 16:12:04 | 142,114,730 | -H-- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip [2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg [2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg [2012.03.18 13:35:15 | 003,628,016 | -H-- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe [2012.03.15 15:35:05 | 067,033,172 | -H-- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3 [2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 03:30:38 | 000,000,444 | -H-- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242) 4tube.website [2012.03.13 14:17:26 | 003,457,036 | -H-- | M] () -- C:\Users\Jo\Desktop\template9.zip [2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg [2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg [2012.02.25 13:22:09 | 000,000,477 | -H-- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website [2012.02.23 22:09:44 | 000,000,463 | -H-- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2012.03.19 23:42:10 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm [2012.03.19 23:42:10 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr [2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk [2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm [2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip [2012.03.19 21:54:37 | 152,825,420 | -H-- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3 [2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll [2012.03.18 16:01:09 | 142,114,730 | -H-- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip [2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.15 15:28:50 | 067,033,172 | -H-- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3 [2012.03.13 14:17:20 | 003,457,036 | -H-- | C] () -- C:\Users\Jo\Desktop\template9.zip [2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg [2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg [2012.02.24 00:54:54 | 000,000,477 | -H-- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website [2012.02.20 16:00:20 | 000,000,463 | -H-- | C] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website [2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys [2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.11.05 16:05:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.16 18:48:32 | 000,009,728 | -H-- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin [2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll ========== Files - Unicode (All) ========== [2012.03.10 14:12:57 | 000,000,618 | -H-- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website [2012.02.17 19:24:19 | 000,000,618 | -H-- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.03.2012 15:06:45 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Jo\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54F5197C-9A19-4BCF-98A1-514C5A832D84}" = Dell Backup and Recovery Manager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D71174A-31A3-4523-8A52-8602B6099AC2}" = ITCH
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dell Webcam Central" = Dell Webcam Central
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad++" = Notepad++
"Opera 11.61.1250" = Opera 11.61
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18
"Visual Slideshow" = Visual Slideshow
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2011 07:30:17 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 15.05.2011 20:46:16 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
Error - 16.05.2011 13:16:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 17.05.2011 05:41:42 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 17.05.2011 08:44:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 17.05.2011 11:10:48 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
Error - 17.05.2011 12:02:31 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
Error - 17.05.2011 14:14:14 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 18.05.2011 11:34:10 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
Error - 18.05.2011 15:30:07 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
[ Media Center Events ]
Error - 24.04.2011 07:46:45 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:45 - Fehler beim Herstellen der Internetverbindung. 13:46:45
- Serververbindung konnte nicht hergestellt werden..
Error - 24.04.2011 07:46:56 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:50 - Fehler beim Herstellen der Internetverbindung. 13:46:50
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2011 06:42:59 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:42:59 - Fehler beim Herstellen der Internetverbindung. 12:42:59
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2011 06:43:11 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:43:04 - Fehler beim Herstellen der Internetverbindung. 12:43:04
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2011 07:46:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:16 - Fehler beim Herstellen der Internetverbindung. 13:46:16
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2011 07:46:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:21 - Fehler beim Herstellen der Internetverbindung. 13:46:21
- Serververbindung konnte nicht hergestellt werden..
Error - 26.10.2011 07:02:03 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:03 - Fehler beim Herstellen der Internetverbindung. 13:02:03
- Serververbindung konnte nicht hergestellt werden..
Error - 26.10.2011 07:02:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:08 - Fehler beim Herstellen der Internetverbindung. 13:02:08
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 20.03.2012 10:51:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.03.2012 10:52:56 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 20.03.2012 10:52:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1062
Error - 20.03.2012 11:12:26 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 20.03.2012 13:27:57 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
Error - 20.03.2012 13:29:23 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 21.03.2012 09:09:10 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
< End of report >
|
| Themen zu System Check Virus + Gema Trojaner eingefangen... |
| bacroiehelpe, ccsetup, check, dankbar, dateien, eingefangen, entfern, fenster, gefangen, gema trojaner, gestern, hallo zusammen, host.exe, install.exe, komplette, laptop, malwarebytes, mbamservice.exe, nichts, plug-in, searchscopes, security scan, sendspace.com, software, system, tagen, taskhost.exe, troja, trojaner, version=1.0, versteckt, viren, virus, virus eingefangen, woche, zusammen |
Baum-Darstellung