| |
| |||||||
Log-Analyse und Auswertung: Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.03.2012, 22:19
| #1 |
 |  Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Hallo Forum, obwohl ich versierter Techniker und glaube guter PC Fachmann zu sein, hat es mich jetzt auch zum ersten mal mit einer Malware erwischt. Normaler Betrieb, nur IE und Thunderbird offen: Dann wird einem ein Systemfehler vorgegaukelt, Festplatte... au weia.. alle Links und Dateien nicht mehr sichtbar, vermeintlich weg. Nach Suche hier im Forum habe ich gleich die nachfolgenden Schritte ausgeführt. Jetzt sieht es so aus, dass fast alles wieder OK ist. Einige Links passen noch nicht und ob der PC nun sauber ist weiß ich auch noch nicht. Defogger ausgeführt → Log im Zip Malwarebytes Quick Scann → Virus (Rogue.FakeHDD) & (PUM.Hijack.StartMenu) gefunden und entfernt → Log im Zip Esset online Scan durchgeführt → ein Fund, ist mir bekannt, kein Problem! → Log im Zip Kaspersky TDSSKiller ausgeführt → keine Funde, Report habe ich keinen raus bekommen. Unhide ausgeführt → Super, meine Dateien und Links sind (fast) wieder alle da → Log im Zip Combofix gestartet → Logs im Zip Malewarebytes Full Scann → nix, alles sauber → Log im Zip DDS ausgeführt → Logs im Zip und Thread Nachgelagert wäre für mich noch interessieren wo die Schwachstelle war? Java hatte gemeldet, dass es aktualisiert werden möchte, was ich ein paar Tage vor mich hin geschoben habe...  ?Vielen Dank im voraus, Sigi [CODE] .DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sigi at 22:08:36 on 2012-03-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4087.2358 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/ig?hl=de
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CEAB29A9-421C-4C97-9028-D0760BB037E6} : DhcpNameServer = 192.168.2.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-3-20 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-3-20 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-28 652360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-15 1153368]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-3-20 364544]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-19 79360]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 1.2.0.1, 07/11/2010;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MCHPUSB;MCHPUSB;C:\Windows\system32\DRIVERS\mchpusb64.sys --> C:\Windows\system32\DRIVERS\mchpusb64.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-03-28 19:55:41 -------- d--h--w- C:\Windows\autorec
2012-03-28 18:49:45 -------- d-----w- C:\$RECYCLE.BIN
2012-03-28 18:43:52 98816 ----a-w- C:\Windows\sed.exe
2012-03-28 18:43:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-28 18:43:52 256000 ----a-w- C:\Windows\PEV.exe
2012-03-28 18:43:52 208896 ----a-w- C:\Windows\MBR.exe
2012-03-28 15:23:59 -------- d-----w- C:\Users\Sigi\AppData\Roaming\Malwarebytes
2012-03-28 15:23:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-28 15:23:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-28 15:23:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-28 14:52:52 -------- d---a-w- C:\LogDateien
2012-03-28 14:52:42 -------- d---a-w- C:\.Trash-999
2012-03-27 18:07:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78684142-BC6D-458B-8E91-4B507CA54AF0}\mpengine.dll
2012-03-14 23:45:49 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 23:45:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:45:49 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:04:24 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:04:24 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 17:04:18 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:03:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 17:03:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 17:03:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 17:03:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 17:03:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 17:03:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 17:03:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-28 16:36:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-10 16:49:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 22:08:59,28 ===============
|
|
29.03.2012, 21:55
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbarZitat:
Nutzt keinesfalls Combofix auf eigene Faust !!
__________________ |
|
30.03.2012, 18:39
| #3 |
| | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Hallo Arne,
__________________ich habe drei Threads mit gleichen Virus genau verfolgt. Nach einsender der Logs kam immer direkt die Anweisung ComboFix auszuführen. Nach den Teilerfolgen der Wiederherstellung, hab ich mich hinreisen lassen, das auch noch auszuführen, damit alle Daten für den nächsten Schritt gleich vorliegen. Dick genug ist es zweifels ohne... Gruß, Sigi |
|
30.03.2012, 19:56
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbarZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.03.2012, 20:27
| #5 |
| | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Hallo Arne, das ist ein Client für eine Amateurfunkanwendung. Das Problem ist bekannt, dass die Datei als vermeindlicher Virus angesehen wird, keine Gefahr. Damit Avira nicht immer anmeckert, habe ich die Zip Datei einfach auf ZAP geändert. Gruß, Sigi |
|
30.03.2012, 21:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Ja sowas wollte ich hören, das ist ein klassischer Fehlalarm dann CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar |
|
30.03.2012, 22:02
| #7 |
| | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Hallo Arne, hier die Logfiles:OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.03.2012 22:19:39 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sigi\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,58% Memory free 7,98 Gb Paging File | 6,54 Gb Available in Paging File | 81,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 117,26 Gb Free Space | 60,04% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 225,08 Gb Free Space | 76,83% Space Free | Partition Type: NTFS Drive E: | 443,13 Gb Total Space | 431,71 Gb Free Space | 97,42% Space Free | Partition Type: NTFS Computer Name: SIGI-PC | User Name: Sigi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.03.30 22:15:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sigi\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.30 19:31:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 19:07:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.07 08:05:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.06.29 16:43:46 | 000,364,544 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2006.11.17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe ========== Modules (No Company Name) ========== MOD - [2009.08.26 06:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.02.12 12:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.30 19:31:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 19:07:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 23:42:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.02.19 23:12:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.06.29 16:43:46 | 000,364,544 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.30 19:31:21 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.30 19:31:21 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.07.12 20:39:32 | 000,042,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2010.07.12 19:29:41 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2) DRV:64bit: - [2009.10.06 12:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2009.10.06 12:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2009.10.06 12:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2009.10.06 12:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.05.12 08:09:06 | 000,064,512 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mchpusb64.sys -- (MCHPUSB) DRV:64bit: - [2007.06.28 12:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 96 D1 39 AD B1 CA 01 [binary data] IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\..\SearchScopes,DefaultScope = {22A260AF-F7E8-4320-88C4-A03E43BF2672} IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\..\SearchScopes\{22A260AF-F7E8-4320-88C4-A03E43BF2672}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\..\SearchScopes\{7657ED8F-911E-460B-94FE-315FBACEC2E2}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: syncmlplugin@funambol.com:1.0b3 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110718 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.26 23:31:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.03.03 23:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigi\AppData\Roaming\mozilla\Extensions [2010.03.03 23:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} () (No name found) -- C:\USERS\SIGI\APPDATA\ROAMING\THUNDERBIRD\86R9QHTH.DEFAULT\EXTENSIONS\{4C9FE6FE-2C83-11DC-90B4-DC8456D89593}.XPI [2012.03.12 19:24:46 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\SIGI\APPDATA\ROAMING\THUNDERBIRD\86R9QHTH.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103} [2012.02.13 19:04:15 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\USERS\SIGI\APPDATA\ROAMING\THUNDERBIRD\86R9QHTH.DEFAULT\EXTENSIONS\DE_DE@DICTS.J3E.DE [2011.08.26 17:17:58 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\USERS\SIGI\APPDATA\ROAMING\THUNDERBIRD\86R9QHTH.DEFAULT\EXTENSIONS\EN-GB@DICTIONARIES.ADDONS.MOZILLA.ORG () (No name found) -- C:\USERS\SIGI\APPDATA\ROAMING\THUNDERBIRD\86R9QHTH.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI O1 HOSTS File: ([2012.03.28 20:49:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1764490533-1300020538-1248404746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEAB29A9-421C-4C97-9028-D0760BB037E6}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.02.04 16:09:16 | 003,725,043 | ---- | M] () - D:\Autofahrerinnen.wmv -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {583E6A63-350E-4873-B9BF-B37B424DB37F} - Microsoft Windows Media Player ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.I420 - File not found Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.30 22:15:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sigi\Desktop\OTL.exe [2012.03.28 22:07:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sigi\Desktop\dds.com [2012.03.28 21:55:41 | 000,000,000 | -H-D | C] -- C:\Windows\autorec [2012.03.28 20:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.03.28 20:49:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.03.28 20:43:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.28 20:43:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.28 20:43:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.28 20:43:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.03.28 20:43:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.28 20:35:32 | 004,448,457 | R--- | C] (Swearware) -- C:\Users\Sigi\Desktop\Conifix.exe [2012.03.28 19:53:46 | 004,448,457 | ---- | C] (Swearware) -- C:\Users\Sigi\Desktop\ComboFix.exe [2012.03.28 19:37:49 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sigi\Desktop\unhide.exe [2012.03.28 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.03.28 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\Sigi\AppData\Roaming\Malwarebytes [2012.03.28 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.28 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.28 17:23:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.28 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.28 17:21:45 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sigi\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.28 16:52:52 | 000,000,000 | ---D | C] -- C:\LogDateien [2012.03.28 16:52:42 | 000,000,000 | ---D | C] -- C:\.Trash-999 ========== Files - Modified Within 30 Days ========== [2012.03.30 22:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.30 22:15:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sigi\Desktop\OTL.exe [2012.03.30 19:21:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.30 19:04:56 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 19:04:56 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 19:01:39 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.30 19:01:39 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.30 19:01:39 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.30 19:01:39 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.30 19:01:39 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.30 18:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 18:57:13 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys [2012.03.28 23:10:33 | 000,008,441 | ---- | M] () -- C:\Users\Sigi\Desktop\Logfiles.zip [2012.03.28 22:07:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sigi\Desktop\dds.com [2012.03.28 21:55:41 | 000,024,456 | ---- | M] () -- C:\Windows\Web-Entwickler.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | M] () -- C:\Windows\Technische Autoren.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | M] () -- C:\Windows\System-Administrator.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | M] () -- C:\Windows\Programmierer.mb1 [2012.03.28 21:55:41 | 000,023,927 | ---- | M] () -- C:\Windows\Fortgeschritten.mb1 [2012.03.28 21:55:41 | 000,023,926 | ---- | M] () -- C:\Windows\Power-Anwender.mb1 [2012.03.28 21:55:41 | 000,011,569 | ---- | M] () -- C:\Windows\System-Administrator.te1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\Web-Entwickler.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\Technische Autoren.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\System-Administrator.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\Programmierer.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\Power-Anwender.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | M] () -- C:\Windows\Fortgeschritten.pb1 [2012.03.28 21:55:41 | 000,004,565 | ---- | M] () -- C:\Windows\Editor-Ersatz.mb1 [2012.03.28 21:55:41 | 000,003,791 | ---- | M] () -- C:\Windows\Editor-Ersatz.pb1 [2012.03.28 21:55:41 | 000,002,888 | ---- | M] () -- C:\Windows\System-Administrator.tb1 [2012.03.28 21:55:41 | 000,002,517 | ---- | M] () -- C:\Windows\Web-Entwickler.tb1 [2012.03.28 21:55:41 | 000,001,960 | ---- | M] () -- C:\Windows\Programmierer.tb1 [2012.03.28 21:55:41 | 000,001,921 | ---- | M] () -- C:\Windows\Editor-Ersatz.te1 [2012.03.28 21:55:41 | 000,001,917 | ---- | M] () -- C:\Windows\Web-Entwickler.te1 [2012.03.28 21:55:41 | 000,001,837 | ---- | M] () -- C:\Windows\Technische Autoren.tb1 [2012.03.28 21:55:41 | 000,001,837 | ---- | M] () -- C:\Windows\Power-Anwender.tb1 [2012.03.28 21:55:41 | 000,001,837 | ---- | M] () -- C:\Windows\Fortgeschritten.tb1 [2012.03.28 21:55:41 | 000,000,726 | ---- | M] () -- C:\Windows\Technische Autoren.te1 [2012.03.28 21:55:41 | 000,000,509 | ---- | M] () -- C:\Windows\Editor-Ersatz.tb1 [2012.03.28 21:55:41 | 000,000,000 | ---- | M] () -- C:\Windows\Programmierer.te1 [2012.03.28 21:55:41 | 000,000,000 | ---- | M] () -- C:\Windows\Power-Anwender.te1 [2012.03.28 21:55:40 | 000,008,492 | ---- | M] () -- C:\Windows\Web-Entwickler.in1 [2012.03.28 21:55:40 | 000,007,734 | ---- | M] () -- C:\Windows\System-Administrator.in1 [2012.03.28 21:55:40 | 000,006,999 | ---- | M] () -- C:\Windows\Programmierer.in1 [2012.03.28 21:55:40 | 000,006,765 | ---- | M] () -- C:\Windows\Power-Anwender.in1 [2012.03.28 21:55:40 | 000,006,543 | ---- | M] () -- C:\Windows\Technische Autoren.in1 [2012.03.28 21:55:40 | 000,005,843 | ---- | M] () -- C:\Windows\Editor-Ersatz.in1 [2012.03.28 20:49:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.03.28 20:35:49 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\Sigi\Desktop\Conifix.exe [2012.03.28 19:54:06 | 004,448,457 | ---- | M] (Swearware) -- C:\Users\Sigi\Desktop\ComboFix.exe [2012.03.28 19:37:49 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sigi\Desktop\unhide.exe [2012.03.28 17:23:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.28 17:21:47 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sigi\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.28 17:12:21 | 000,000,000 | ---- | M] () -- C:\Users\Sigi\defogger_reenable [2012.03.28 17:11:05 | 000,050,477 | ---- | M] () -- C:\Users\Sigi\Desktop\Defogger.exe [2012.03.15 19:32:06 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.03.28 23:10:33 | 000,008,441 | ---- | C] () -- C:\Users\Sigi\Desktop\Logfiles.zip [2012.03.28 21:55:41 | 000,024,456 | ---- | C] () -- C:\Windows\Web-Entwickler.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | C] () -- C:\Windows\Technische Autoren.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | C] () -- C:\Windows\System-Administrator.mb1 [2012.03.28 21:55:41 | 000,024,456 | ---- | C] () -- C:\Windows\Programmierer.mb1 [2012.03.28 21:55:41 | 000,023,927 | ---- | C] () -- C:\Windows\Fortgeschritten.mb1 [2012.03.28 21:55:41 | 000,023,926 | ---- | C] () -- C:\Windows\Power-Anwender.mb1 [2012.03.28 21:55:41 | 000,011,569 | ---- | C] () -- C:\Windows\System-Administrator.te1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\Web-Entwickler.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\Technische Autoren.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\System-Administrator.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\Programmierer.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\Power-Anwender.pb1 [2012.03.28 21:55:41 | 000,007,356 | ---- | C] () -- C:\Windows\Fortgeschritten.pb1 [2012.03.28 21:55:41 | 000,004,565 | ---- | C] () -- C:\Windows\Editor-Ersatz.mb1 [2012.03.28 21:55:41 | 000,003,791 | ---- | C] () -- C:\Windows\Editor-Ersatz.pb1 [2012.03.28 21:55:41 | 000,002,888 | ---- | C] () -- C:\Windows\System-Administrator.tb1 [2012.03.28 21:55:41 | 000,002,517 | ---- | C] () -- C:\Windows\Web-Entwickler.tb1 [2012.03.28 21:55:41 | 000,001,960 | ---- | C] () -- C:\Windows\Programmierer.tb1 [2012.03.28 21:55:41 | 000,001,921 | ---- | C] () -- C:\Windows\Editor-Ersatz.te1 [2012.03.28 21:55:41 | 000,001,917 | ---- | C] () -- C:\Windows\Web-Entwickler.te1 [2012.03.28 21:55:41 | 000,001,837 | ---- | C] () -- C:\Windows\Technische Autoren.tb1 [2012.03.28 21:55:41 | 000,001,837 | ---- | C] () -- C:\Windows\Power-Anwender.tb1 [2012.03.28 21:55:41 | 000,001,837 | ---- | C] () -- C:\Windows\Fortgeschritten.tb1 [2012.03.28 21:55:41 | 000,000,726 | ---- | C] () -- C:\Windows\Technische Autoren.te1 [2012.03.28 21:55:41 | 000,000,509 | ---- | C] () -- C:\Windows\Editor-Ersatz.tb1 [2012.03.28 21:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\Programmierer.te1 [2012.03.28 21:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\Power-Anwender.te1 [2012.03.28 21:55:40 | 000,175,600 | ---- | C] () -- C:\Windows\WORDFILE.UEW [2012.03.28 21:55:40 | 000,043,346 | ---- | C] () -- C:\Windows\TAGLIST.UET [2012.03.28 21:55:40 | 000,008,492 | ---- | C] () -- C:\Windows\Web-Entwickler.in1 [2012.03.28 21:55:40 | 000,007,734 | ---- | C] () -- C:\Windows\System-Administrator.in1 [2012.03.28 21:55:40 | 000,006,999 | ---- | C] () -- C:\Windows\Programmierer.in1 [2012.03.28 21:55:40 | 000,006,765 | ---- | C] () -- C:\Windows\Power-Anwender.in1 [2012.03.28 21:55:40 | 000,006,543 | ---- | C] () -- C:\Windows\Technische Autoren.in1 [2012.03.28 21:55:40 | 000,005,843 | ---- | C] () -- C:\Windows\Editor-Ersatz.in1 [2012.03.28 20:43:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.28 20:43:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.28 20:43:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.28 20:43:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.28 20:43:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.28 20:31:40 | 000,002,316 | ---- | C] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk [2012.03.28 20:31:40 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.03.28 20:31:40 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\MPLAB IDE v8.50.lnk [2012.03.28 20:31:40 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.03.28 20:31:40 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.03.28 20:31:40 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2012.03.28 20:31:40 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.03.28 20:31:40 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.03.28 20:31:40 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.03.28 20:31:40 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012.03.28 20:31:40 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.03.28 20:31:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.03.28 20:31:40 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012.03.28 20:31:40 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.03.28 20:31:40 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.03.28 20:31:40 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2012.03.28 20:31:40 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2012.03.28 20:31:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.03.28 20:31:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.03.28 20:31:39 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk [2012.03.28 17:23:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.28 17:12:21 | 000,000,000 | ---- | C] () -- C:\Users\Sigi\defogger_reenable [2012.03.28 17:11:05 | 000,050,477 | ---- | C] () -- C:\Users\Sigi\Desktop\Defogger.exe [2011.09.06 21:25:28 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe [2011.06.11 11:27:19 | 000,000,000 | ---- | C] () -- C:\Users\Sigi\AppData\Local\{62C80243-4D40-4C40-A11B-694C0AF4794D} [2010.05.31 20:56:02 | 000,004,311 | ---- | C] () -- C:\Windows\scad3.INI [2010.04.05 06:40:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll [2010.04.05 06:05:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll ========== LOP Check ========== [2010.05.31 19:55:36 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\CadSoft [2010.10.26 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\FlexRadio Systems [2010.03.26 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Funambol [2010.09.15 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Microchip [2011.06.22 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\MusE [2010.03.24 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Nokia [2010.03.21 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\OpenOffice.org [2010.03.24 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\PC Suite [2011.08.26 17:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\thunderbird [2012.01.27 20:05:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.02.10 18:49:32 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Adobe [2011.01.04 21:31:40 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Avira [2010.05.31 19:55:36 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\CadSoft [2010.03.22 21:48:53 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Creative [2010.10.26 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\FlexRadio Systems [2010.03.26 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Funambol [2010.02.19 23:06:02 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Identities [2010.03.23 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\IDMComp [2011.09.24 20:13:21 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\InstallShield [2010.02.19 23:44:49 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Macromedia [2012.03.28 17:23:59 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Media Center Programs [2010.09.15 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Microchip [2012.02.10 18:49:32 | 000,000,000 | --SD | M] -- C:\Users\Sigi\AppData\Roaming\Microsoft [2010.03.03 23:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Mozilla [2011.06.22 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\MusE [2011.11.06 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\NCH Software [2010.03.24 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\Nokia [2010.03.21 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\OpenOffice.org [2010.03.24 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\PC Suite [2011.07.26 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\SolidWorks [2011.08.26 17:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\thunderbird [2010.07.12 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\Sigi\AppData\Roaming\UltraVNC < %APPDATA%\*.exe /s > [2010.10.26 21:16:42 | 000,002,238 | R--- | M] () -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{244B700E-263D-4CB4-813D-E477E540A8FE}\_38A30E5B452DEEAA616D81.exe [2010.10.26 21:16:42 | 000,002,238 | R--- | M] () -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{244B700E-263D-4CB4-813D-E477E540A8FE}\_6FEFF9B68218417F98F549.exe [2010.10.26 21:16:42 | 000,002,238 | R--- | M] () -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{244B700E-263D-4CB4-813D-E477E540A8FE}\_C1D57C3B9D63D9612FB4E4.exe [2011.07.11 20:53:34 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\ARPPRODUCTICON.exe [2011.07.11 20:53:34 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.chm_B5759EDEA3D244BBB2AAF1B15E1EC021.exe [2011.07.11 20:53:34 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe11_B5759EDEA3D244BBB2AAF1B15E1EC021.exe [2011.07.11 20:53:34 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe1_B5759EDEA3D244BBB2AAF1B15E1EC021.exe [2011.07.11 20:53:34 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Support.u_B5759EDEA3D244BBB2AAF1B15E1EC021.exe [2011.07.11 20:53:34 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\Sigi\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Web_Site._B5759EDEA3D244BBB2AAF1B15E1EC021.exe [2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Sigi\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe [2011.08.12 14:59:48 | 001,085,952 | ---- | M] () -- C:\Users\Sigi\AppData\Roaming\NCH Software\Components\x264enc\x264enc.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.03.2012 22:19:39 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sigi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,58% Memory free
7,98 Gb Paging File | 6,54 Gb Available in Paging File | 81,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 117,26 Gb Free Space | 60,04% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 225,08 Gb Free Space | 76,83% Space Free | Partition Type: NTFS
Drive E: | 443,13 Gb Total Space | 431,71 Gb Free Space | 97,42% Space Free | Partition Type: NTFS
Computer Name: SIGI-PC | User Name: Sigi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Ultravnc2_is1" = UltraVNC 1.0.8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{244B700E-263D-4CB4-813D-E477E540A8FE}" = PowerSDR v2.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{E32E631C-0EF6-4B42-95E3-2379A0F282BB}" = MPLAB Tools v8.50
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BouquetWizard" = Bouquet Wizard
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dbox2 Bootmanager" = Dbox2 Bootmanager
"Debut" = Debut Video Capture Software
"Diagnostics 4_5" = Creative-Diagnose
"EAGLE 5.11.0" = EAGLE 5.11.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.4.0
"Host OpenAL" = Host OpenAL
"InstallShield_{E32E631C-0EF6-4B42-95E3-2379A0F282BB}" = MPLAB Tools v8.50
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"minirk12_is1" = mini Ringkern-Rechner 1.2
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MuseScore" = MuseScore 1.0 MuseScore score typesetter
"Nokia PC Suite" = Nokia PC Suite
"USB2.0 ATV" = USB2.0 ATV
"WaveStudio 7" = Creative WaveStudio 7
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.0.3.21
"Win-Test for Windows_is1" = Win-Test for Windows version 4.9.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.03.2012 12:50:26 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 28.03.2012 12:50:51 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 28.03.2012 14:16:31 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 28.03.2012 14:16:31 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 28.03.2012 14:26:32 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.03.2012 15:12:15 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.03.2012 15:12:40 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.03.2012 15:12:41 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.03.2012 15:12:43 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.03.2012 15:12:55 | Computer Name = Sigi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ Media Center Events ]
Error - 12.05.2011 12:50:58 | Computer Name = Sigi-PC | Source = MCUpdate | ID = 0
Description = 18:50:58 - Fehler beim Herstellen der Internetverbindung. 18:50:58
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 28.03.2012 15:02:49 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.03.2012 15:02:49 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PortTalk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.03.2012 14:30:58 | Computer Name = Sigi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 29.03.2012 14:30:58 | Computer Name = Sigi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 29.03.2012 14:31:02 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.03.2012 14:31:02 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PortTalk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 30.03.2012 12:57:17 | Computer Name = Sigi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 30.03.2012 12:57:17 | Computer Name = Sigi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.03.2012 12:57:25 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 30.03.2012 12:57:25 | Computer Name = Sigi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PortTalk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
|
|
30.03.2012, 23:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Ist ziemlich unauffällig. Wollen wir tiefer graben?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.03.2012, 13:15
| #9 |
| | Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar Hallo Arne, System läuf schnell und stabil, die paar fehlenden Links habe ich bereits wieder eingerichtet, von meiner Seite aus OK, kann abgeschlossen werden. Muss ich mit dem Defogger wieder was reaktivieren, odere andere Files/Tools löschen oder dekativieren? Has du ne Idee wo der Quälgeist durchgekommen ist? Java war 4 Tage nicht auf dem neusten Stand!? Gruß, Sigi |
|
| Themen zu Rogue.FakeHDD - System Check Virus - Keine Dateien und Links mehr sichtbar |
| acrobat update, adobe, antivir, antivir guard, avira, defender, desktop, dll, explorer, generic, helper, keine dateien, libusb0.sys, log, malware, pdf, plug-in, problem, pum.hijack.startmenu, realtek, rogue.fakehdd, rundll, scan, security, suche, super, svchost.exe, system, updates, usb, virus, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
