| |
| |||||||
Log-Analyse und Auswertung: Browser funktionieren nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
01.07.2012, 19:39
| #1 |
| |  Browser funktionieren nicht Browser funktionierten nicht. Kurz die Eieruhr, dann nichts mehr. Vom Stick - Portable Apps ging es. Nach Boardeinträgen gesucht - Malwarebyre heruntergeladen - ANWEISUNGEN BEFOLGT UND ES GEHT WIEDER - Danke!!!: hIER MEIN Log VON mALwRAEBYTE: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.01.07 Windows XP Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 dirk :: DESK [Administrator] Schutz: Aktiviert 01.07.2012 20:08:04 mbam-log-2012-07-01 (20-21-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 305158 Laufzeit: 9 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 10 C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt. C:\Documents and Settings\dirk\AppData\Local\Temp\233o7hmt.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Documents and Settings\dirk\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Users\dirk\AppData\Local\Temp\233o7hmt.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Users\dirk\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Documents and Settings\dirk\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Users\dirk\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Keine Aktion durchgeführt. C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Keine Aktion durchgeführt. C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Keine Aktion durchgeführt. (Ende) Alle gelöscht und es geht wieder. Vielleicht hab ich was übersehen - Schaut mal drüber und ne Info wäre nett!  |
|
01.07.2012, 19:44
| #2 |
| /// Malware-holic   | Browser funktionieren nicht Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
02.07.2012, 18:58
| #3 | |
| | Browser funktionieren nicht Hallo markusg
__________________Danke für die schnelle Antort. Alles erledigt. Nur..... Zitat:
Danke. Wer lesen kann ist klar im Vorteil hier die scansOTL Logfile: Code:
ATTFilter OTL logfile created on: 02.07.2012 20:04:26 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\~\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,75 Gb Total Physical Memory | 12,77 Gb Available Physical Memory | 81,08% Memory free 31,50 Gb Paging File | 28,27 Gb Available in Paging File | 89,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,75 Gb Total Space | 336,51 Gb Free Space | 72,25% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 147,72 Gb Free Space | 31,72% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 13,20 Gb Free Space | 2,83% Space Free | Partition Type: NTFS Drive F: | 3,75 Gb Total Space | 1,28 Gb Free Space | 34,23% Space Free | Partition Type: FAT32 Drive S: | 640,62 Gb Total Space | 470,91 Gb Free Space | 73,51% Space Free | Partition Type: NTFS Drive T: | 756,64 Gb Total Space | 179,96 Gb Free Space | 23,78% Space Free | Partition Type: NTFS Drive U: | 232,88 Gb Total Space | 105,04 Gb Free Space | 45,10% Space Free | Partition Type: NTFS Drive Z: | 4,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DESK | User Name: ~ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\~\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\ProgDVB\ProgLauncher.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\TeViiRC.exe (TeVii Technology Ltd.) PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.) PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Psion\PsiWin\Psconsv.exe (Symbian Ltd.) PRC - C:\PROGRA~2\Psion\PsiWin\Elogerr.exe (Symbian Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Program Files (x86)\ProgDVB\ProgLauncher.exe () MOD - C:\Program Files (x86)\ProgDVB\Modules\tevii.ebda () MOD - C:\Program Files (x86)\ProgDVB\Modules\bda.device () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll () MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll () MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll () MOD - C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll () MOD - C:\Program Files (x86)\Psion\PsiWin\pwwpres.DLL () MOD - C:\Program Files (x86)\Psion\PsiWin\wprtsv.stm () MOD - C:\Program Files (x86)\Psion\PsiWin\PDRLIB.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe (Microsoft Corporation.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ProgDVBService) -- C:\Programme\ProgDVB\ProgDvbService.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (SAllBDA) -- C:\Windows\SysNative\drivers\TeViiS2.sys (TeVii Technology Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MPEVirtual) -- C:\Windows\SysNative\drivers\TeViiData64.sys (TeVii Technology, Ltd.) DRV:64bit: - (RTLE8023x64) Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) -- C:\Windows\SysNative\drivers\Rtenic64.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ahcix64) -- C:\Windows\SysNative\drivers\ahcix64.sys (Advanced Micro Devices, Inc) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfoX64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 7F 34 52 6D F2 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E76B576D-539A-464C-9005-2E1104C00B69}&mid=47c49196507647d1ad65d16c6450c2c5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=ts024&pr=sa&d=2012-02-23 23:16:53&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.web.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: d:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.10 00:32:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 23:33:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.03.10 00:17:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.01 10:54:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 18:44:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.19 21:02:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.07.01 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\~\AppData\Roaming\mozilla\Extensions [2012.07.02 19:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\~\AppData\Roaming\mozilla\Firefox\Profiles\e4g1jgro.default\extensions [2012.07.01 20:28:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\~\AppData\Roaming\mozilla\Firefox\Profiles\e4g1jgro.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.07.01 10:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.09.13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009.09.13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009.09.13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009.09.13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009.09.13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009.09.13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.12 23:32:48 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TeViiRC] C:\Windows\TeViiRC.exe (TeVii Technology Ltd.) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [ASRockIES] C:\Program Files (x86)\ASRock Utility\IES\AsrIes.exe (ASRock Incorporation) O4 - HKCU..\Run: [ASRockOCTuner] File not found O4 - HKCU..\Run: [ProgLauncher] C:\Program Files (x86)\ProgDVB\ProgLauncher.exe () O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [zASRockInstantBoot] C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe (ASRock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B34FE-B19A-4740-B9E9-D8AD8190A1AE}: NameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.27 18:55:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk F:\ O32 - AutoRun File - [2011.01.15 20:23:08 | 000,000,000 | ---- | M] () - T:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.02.27 18:55:53 | 000,000,000 | ---- | M] () - U:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.04.16 14:34:04 | 000,000,468 | R--- | M] () - Z:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010.04.16 14:34:04 | 000,000,012 | R--- | M] () - Z:\autorun.tag -- [ CDFS ] O32 - AutoRun File - [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG) - Z:\autostart.exe -- [ CDFS ] O33 - MountPoints2\{f54e8fdd-5b27-11e1-8c58-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f54e8fdd-5b27-11e1-8c58-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\autostart.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9C03BBF0-26DE-132A-1334-99FFBE1463EE} - Themes Setup ActiveX: {AAA6EDB8-0F92-EA7D-0963-FC0B6B9E1DC4} - Internet Explorer ActiveX: {BB94C243-583F-B3E0-1D3C-19B247ADA04C} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK - C:\PROGRA~2\TOBITR~1.FX\Client\RFX-CL~1.EXE - (Tobit.Software) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.02 19:30:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\~\Desktop\OTL.exe [2012.07.01 20:05:45 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Roaming\Malwarebytes [2012.07.01 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.01 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.01 20:05:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 20:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.01 19:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.07.01 19:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.01 19:53:06 | 000,000,000 | ---D | C] -- C:\Users\~\Documents\Anti-Malware [2012.07.01 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Roaming\AVG Secure Search [2012.07.01 18:49:43 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Local\ZoneAlarm-Sicherheit [2012.07.01 10:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.07.01 10:52:04 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.01 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.01 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2012.07.01 10:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.07.01 10:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.01 10:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.07.01 10:44:12 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Roaming\Mozilla [2012.06.26 23:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows [2012.06.23 11:28:28 | 000,000,000 | ---D | C] -- C:\Users\~\AppData\Local\Macromedia [2012.06.17 21:14:00 | 000,000,000 | ---D | C] -- C:\Users\~\Desktop\GH [2012.06.16 19:31:59 | 000,000,000 | ---D | C] -- C:\Users\~\Desktop\Musik ~ [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\~\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\~\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\~\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\~\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2012.07.02 19:55:42 | 000,003,758 | ---- | M] () -- C:\Users\~\Desktop\otlfix.jpg [2012.07.02 19:45:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.02 19:34:43 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 19:34:43 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 19:33:06 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.02 19:33:06 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.02 19:33:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.02 19:33:06 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.02 19:33:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.02 19:30:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\~\Desktop\OTL.exe [2012.07.02 19:26:53 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2012.07.02 19:26:36 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2012.07.02 19:26:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.02 19:25:50 | 4093,042,686 | -HS- | M] () -- C:\hiberfil.sys [2012.07.01 20:05:37 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 19:53:20 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.01 14:12:19 | 000,026,624 | ---- | M] () -- C:\Users\~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.01 10:54:54 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.01 10:51:07 | 000,001,885 | ---- | M] () -- C:\Users\~\Desktop\CCleaner.lnk [2012.07.01 10:44:49 | 000,001,258 | ---- | M] () -- C:\Users\~\Desktop\Spybot - Search & Destroy.lnk [2012.06.29 22:17:59 | 000,002,092 | ---- | M] () -- C:\Users\~\Desktop\Avira Antivirus Premium 2012 Profil Suche nach Rootkits und aktiver Malware.LNK [2012.06.23 12:14:05 | 000,659,458 | ---- | M] () -- C:\Users\~\Desktop\bart2.jpg [2012.06.17 11:48:54 | 000,001,477 | ---- | M] () -- C:\Users\~\AppData\Local\RecConfig.xml [2012.06.15 06:49:56 | 000,337,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.02 19:55:41 | 000,003,758 | ---- | C] () -- C:\Users\~\Desktop\otlfix.jpg [2012.07.01 20:05:37 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 19:53:20 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.01 10:54:18 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.01 10:54:17 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.01 10:51:07 | 000,001,885 | ---- | C] () -- C:\Users\~\Desktop\CCleaner.lnk [2012.07.01 10:44:49 | 000,001,258 | ---- | C] () -- C:\Users\~\Desktop\Spybot - Search & Destroy.lnk [2012.06.29 22:17:59 | 000,002,092 | ---- | C] () -- C:\Users\~\Desktop\Avira Antivirus Premium 2012 Profil Suche nach Rootkits und aktiver Malware.LNK [2012.06.23 12:14:05 | 000,659,458 | ---- | C] () -- C:\Users\~\Desktop\bart2.jpg [2012.05.20 13:40:14 | 000,001,445 | ---- | C] () -- C:\Users\~\AppData\Local\recently-used.xbel [2012.05.19 18:54:34 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.05.08 16:31:53 | 000,000,023 | ---- | C] () -- C:\Windows\dvzxlt.ini [2012.04.29 00:24:58 | 000,012,569 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn [2012.04.28 22:52:15 | 000,004,982 | ---- | C] () -- C:\ProgramData\mxnhytee.feu [2012.04.22 04:58:51 | 000,001,477 | ---- | C] () -- C:\Users\~\AppData\Local\RecConfig.xml [2012.03.28 12:14:17 | 000,026,624 | ---- | C] () -- C:\Users\~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.28 10:35:42 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.03.28 10:29:14 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.03.12 19:35:09 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe [2012.03.12 19:35:09 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2012.03.12 19:35:05 | 000,390,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd.sys [2012.03.12 19:35:03 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd.dll [2012.03.12 19:35:03 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd.dll [2012.03.12 19:35:03 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd.dll [2012.03.12 19:35:03 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe [2012.02.23 22:20:06 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll [2012.02.23 22:19:32 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.02.20 22:56:04 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012.02.20 22:56:04 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012.02.20 22:56:04 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012.02.20 22:56:01 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.02.20 22:56:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.02.20 22:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.20 22:29:51 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.19 22:02:36 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.12 02:13:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\~\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\~\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\~\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\~\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\~\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\~\AppData\Local\no23xwrapper.dll ========== LOP Check ========== [2012.05.08 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\Audacity [2012.07.01 18:49:44 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\AVG Secure Search [2012.03.28 10:59:10 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\Broad Intelligence [2012.05.15 09:23:32 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\Canneverbe Limited [2012.03.10 00:17:49 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\CheckPoint [2012.04.29 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__ [2012.05.15 09:22:03 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\DeepBurner [2012.05.07 12:03:30 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\FreePDF [2012.03.06 03:56:29 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\ICAClient [2012.06.29 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\IrfanView [2012.03.19 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\Thunderbird [2012.05.19 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\~\AppData\Roaming\Tobit [2012.05.08 16:15:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.02 19:26:53 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.07.01 19:15:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.05.08 16:13:32 | 000,000,000 | ---D | M] -- C:\b669fa5aa6591a158d57d4fc3bf61d [2012.02.19 20:30:43 | 000,000,000 | -HSD | M] -- C:\Boot [2012.02.23 23:01:48 | 000,000,000 | ---D | M] -- C:\c3d927d4ee62956ece548762 [2012.06.13 23:34:17 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.02.19 20:39:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.05.23 22:10:24 | 000,000,000 | ---D | M] -- C:\EPOC [2012.02.27 00:17:12 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2012.02.23 22:21:13 | 000,000,000 | ---D | M] -- C:\MAGIX [2012.03.11 15:47:53 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.06.29 22:09:15 | 000,000,000 | ---D | M] -- C:\myTeVii [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.28 14:14:48 | 000,000,000 | ---D | M] -- C:\perseus [2012.05.20 13:30:35 | 000,000,000 | R--D | M] -- C:\Program Files [2012.07.01 20:05:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.07.01 20:05:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.02.19 20:39:54 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.19 20:39:54 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.07.02 20:09:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.13 11:22:27 | 000,000,000 | R--D | M] -- C:\Users [2012.07.01 18:22:53 | 000,000,000 | ---D | M] -- C:\Windows [2012.02.19 20:19:34 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\~\AppData\Local\No23 Recorder.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120223T223002345078\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120223T223002345078\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T120023112705\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T120023112705\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T131619500767\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T131619500767\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120223T223002345078\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120223T223002345078\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T120023112705\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T120023112705\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T131619500767\internal_ide_channel\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\~\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120225T131619500767\pci\cc_0101\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.07.02 20:11:56 | 001,835,008 | -HS- | M] () -- C:\Users\~\ntuser.dat [2012.07.02 20:11:56 | 000,262,144 | -HS- | M] () -- C:\Users\~\ntuser.dat.LOG1 [2012.02.19 20:40:00 | 000,000,000 | -HS- | M] () -- C:\Users\~\ntuser.dat.LOG2 [2012.02.19 20:57:13 | 000,065,536 | -HS- | M] () -- C:\Users\~\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.02.19 20:57:13 | 000,524,288 | -HS- | M] () -- C:\Users\~\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.02.19 20:57:13 | 000,524,288 | -HS- | M] () -- C:\Users\~\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.04.23 00:29:46 | 000,065,536 | -HS- | M] () -- C:\Users\~\ntuser.dat{26f06e53-8c1e-11e1-92a3-002522b42b36}.TM.blf [2012.04.23 00:29:46 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{26f06e53-8c1e-11e1-92a3-002522b42b36}.TMContainer00000000000000000001.regtrans-ms [2012.04.23 00:29:46 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{26f06e53-8c1e-11e1-92a3-002522b42b36}.TMContainer00000000000000000002.regtrans-ms [2012.02.29 00:02:51 | 000,065,536 | -HS- | M] () -- C:\Users\~\ntuser.dat{523097bc-624f-11e1-be25-8ce86f7edbdc}.TM.blf [2012.02.29 00:02:51 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{523097bc-624f-11e1-be25-8ce86f7edbdc}.TMContainer00000000000000000001.regtrans-ms [2012.02.29 00:02:51 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{523097bc-624f-11e1-be25-8ce86f7edbdc}.TMContainer00000000000000000002.regtrans-ms [2012.02.19 22:31:36 | 000,065,536 | -HS- | M] () -- C:\Users\~\ntuser.dat{53a2719b-5b33-11e1-8690-002522b42b36}.TM.blf [2012.02.19 22:31:36 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{53a2719b-5b33-11e1-8690-002522b42b36}.TMContainer00000000000000000001.regtrans-ms [2012.02.19 22:31:36 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{53a2719b-5b33-11e1-8690-002522b42b36}.TMContainer00000000000000000002.regtrans-ms [2012.02.28 20:02:26 | 000,065,536 | -HS- | M] () -- C:\Users\~\ntuser.dat{c1e35db8-6230-11e1-9092-002522b42b36}.TM.blf [2012.02.28 20:02:26 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{c1e35db8-6230-11e1-9092-002522b42b36}.TMContainer00000000000000000001.regtrans-ms [2012.02.28 20:02:26 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{c1e35db8-6230-11e1-9092-002522b42b36}.TMContainer00000000000000000002.regtrans-ms [2012.07.01 18:09:32 | 000,065,536 | -HS- | M] () -- C:\Users\~\ntuser.dat{e3ae7e5e-c390-11e1-9788-002522b42b36}.TM.blf [2012.07.01 18:09:32 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{e3ae7e5e-c390-11e1-9788-002522b42b36}.TMContainer00000000000000000001.regtrans-ms [2012.07.01 18:09:32 | 000,524,288 | -HS- | M] () -- C:\Users\~\ntuser.dat{e3ae7e5e-c390-11e1-9788-002522b42b36}.TMContainer00000000000000000002.regtrans-ms [2012.02.19 20:40:00 | 000,000,020 | -HS- | M] () -- C:\Users\~\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD < End of report > undOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.07.2012 19:33:00 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\~\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,75 Gb Total Physical Memory | 12,75 Gb Available Physical Memory | 80,93% Memory free
31,50 Gb Paging File | 28,31 Gb Available in Paging File | 89,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 339,47 Gb Free Space | 72,89% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 147,72 Gb Free Space | 31,72% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 13,20 Gb Free Space | 2,83% Space Free | Partition Type: NTFS
Drive F: | 3,75 Gb Total Space | 1,28 Gb Free Space | 34,23% Space Free | Partition Type: FAT32
Drive S: | 640,62 Gb Total Space | 470,91 Gb Free Space | 73,51% Space Free | Partition Type: NTFS
Drive T: | 756,64 Gb Total Space | 179,96 Gb Free Space | 23,78% Space Free | Partition Type: NTFS
Drive U: | 232,88 Gb Total Space | 105,04 Gb Free Space | 45,10% Space Free | Partition Type: NTFS
Drive Z: | 4,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DESK | User Name: ~ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05529185-2469-4B86-9B94-C97DB6949DF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09AC2272-762F-4A91-A93F-51C1CA5E9E6E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{09CE5EA1-D538-4BFB-82DC-AC8D9A1BA423}" = lport=137 | protocol=17 | dir=in | app=system |
"{16461F59-4620-493F-9304-2EC7B373BD5A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1FB24EAA-4F1C-47E9-AC99-B84F68F47906}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20D16A8A-7C96-48ED-9538-827054FE35B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{37CFCA5D-4A6A-4BF4-AA1C-6791C146D992}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DC02C3B-A913-423D-9661-5D30A1EF8379}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E36579C-4F79-4E33-8281-18097E080581}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F97A7CB-57CA-4B3C-BFBE-621F63A80435}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A282D83-62C0-4E5F-A8C0-37C5B42ED511}" = rport=445 | protocol=6 | dir=out | app=system |
"{935E5E71-02D7-4C40-97D4-516EF760F1E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{950C2238-4D33-45FB-A022-884CEB61EEFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A177A3C3-CB99-4811-AE2A-83D7FD72DFAE}" = rport=138 | protocol=17 | dir=out | app=system |
"{A654913B-8010-49E5-AE87-AAE7CFE9C57F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4A311A4-4194-4316-B871-D10B1594F3E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB6A91F1-C707-4BD3-B5C3-D90017E62E79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF81DB1D-3969-456E-94E9-84112C7B1814}" = rport=139 | protocol=6 | dir=out | app=system |
"{E66EEFBC-E3FA-43C3-8C20-F887EF2BD718}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8987B27-E24E-4A98-91F1-2AB3F94479BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026692CE-0282-487D-9AB7-907C1E131567}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15D56222-D567-4861-82CA-57749FEA3952}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17556566-5DD9-49A5-BA1D-89B27A1E025F}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{26091211-4ABC-4F94-8522-169B6EC4700B}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{4C214BCD-C6AE-4B1E-8F47-DA553F0BF5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{51388823-AB5B-4384-A939-179430552204}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{52A4DCC4-4C8C-4177-A92C-104523E373AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74A53118-B404-494D-ABDB-9C0327D7A5E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B1D9FF4-9E95-4223-87BA-E9F459785DA3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A1A1BA72-B005-4256-AD5A-8CB0BE8463AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A69D90F4-DD66-4D57-AADB-5932605894E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA9D1450-A025-44F8-8ECC-F08D7C1C5975}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D297D6BC-1AC3-4B09-AD26-D151DECE0F01}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE2E03B1-4BB5-4276-821B-E6C7EB5C5212}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E37515C2-5D68-4361-8C88-1C584D5CF5B3}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{F295147D-F593-421F-9599-785D179D579D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FB042F05-EE68-4B49-BB9C-0E929E21B5E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9D6F4456-55CF-4154-A850-E60F82A39D14}C:6\programme\pinnacle\mediacenter\pmc.tools.recorder.exe" = protocol=6 | dir=in | app=c:6\programme\pinnacle\mediacenter\pmc.tools.recorder.exe |
"UDP Query User{67063BBF-B570-4B27-9EF5-BFB0F0950AF3}C:6\programme\pinnacle\mediacenter\pmc.tools.recorder.exe" = protocol=17 | dir=in | app=c:6\programme\pinnacle\mediacenter\pmc.tools.recorder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{438767B1-B5E4-0727-0BF4-A33C4096FF8A}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C15B3C29-0808-24C8-180A-334492F75823}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E00BA4E0-AC49-F9AD-D342-F88A02E893BE}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.04" = GPL Ghostscript
"MediaCoder x64" = MediaCoder x64 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProgDVB" = ProgDVB
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0636DCFD-8D99-4198-BC3B-9CDF3E562BB4}" = CCC Help Danish
"{0911E53F-7532-E522-89F7-54F413395FE6}" = CCC Help Finnish
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}" = THX TruStudio Pro
"{183DFB4C-8043-A48C-E229-A9DE3BA0AFBD}" = CCC Help Turkish
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2686B42C-2335-8421-4101-A382585F1283}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1" = Tipard TS Converter 6.1.22
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{2F089826-D6F2-C6C4-ADD7-8E02B16F48B2}" = CCC Help Dutch
"{3C7F4B2F-8080-ABAF-C4A5-3E736CB79D78}" = CCC Help German
"{3EF04E5D-5F61-C426-8F80-AE691732DAF8}" = CCC Help Hungarian
"{41E340F0-0BD6-4A87-AF29-E9E584471756}" = VideoMate T, M, S Series Driver
"{487856BC-A6A7-FEE8-20B7-EC182C3EC0F4}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE4A102-C5BA-42D9-06EC-F891D4F16938}" = CCC Help Thai
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{67B25195-4853-222C-FE7C-543968ECAFEE}" = CCC Help Greek
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{894807FE-45BC-658D-199B-141D764D536C}" = AMD VISION Engine Control Center
"{8B317436-1303-90B1-5CFC-9EEE5A256B21}" = CCC Help Japanese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9CFD9F78-E763-F0A4-48CF-F9E9EBB814AC}" = CCC Help Chinese Traditional
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A77123CA-AB0D-BF86-AA6D-1715E41447A2}" = CCC Help Norwegian
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{AA4B0401-9B7A-6AC1-A08B-9BA2F9402651}" = Catalyst Control Center Profiles Mobile
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD46EAEB-9A3B-C066-476D-2A5B8A4423BE}" = CCC Help English
"{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84FB03A-D0CE-9B58-8AC0-F32378E60845}" = CCC Help Korean
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{BABD087A-612F-A974-88B3-CFD7C2375C03}" = CCC Help Czech
"{BAFEC90C-8780-59A6-CC1D-69506D3B405D}" = Catalyst Control Center InstallProxy
"{BBE562E2-924B-49CB-A6AD-96A7D8392927}" = CCC Help Italian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D6CEBC50-B787-9924-6EE9-1310199877E7}" = CCC Help French
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D8E6E0D2-4A58-DB93-968B-CFAD6CBEFAEB}" = CCC Help Polish
"{DD3E5E6A-6B6D-A766-023A-5AABC43ABEEC}" = CCC Help Spanish
"{DE598488-7511-8ABE-79A0-3100DD5C274C}" = Catalyst Control Center Localization All
"{E77481DF-F012-A163-EA97-8FC587FFD90A}" = CCC Help Swedish
"{EE3EFD3B-7A4E-C894-3029-7964541C08AC}" = Catalyst Control Center Graphics Previews Common
"{EE58B564-4B00-FBE5-9020-5E85F3DE3305}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8116030-96CA-401C-BA85-50265E7C0A96}" = SlimDrivers
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allzeit Atomzeit 2.00" = Allzeit Atomzeit 2.00
"ASRock IES_is1" = ASRock IES v2.0.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.4.4
"Audacity_is1" = Audacity 2.0
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FreePDF_XP" = FreePDF (Remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS)
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTeVii" = myTeVii
"ProgDVB" = ProgDVB
"PsiWin 2.3" = PsiWin 2.3
"SpeedFan" = SpeedFan (remove only)
"Tobit Radio.fx Server" = Radio.fx
"VLC media player" = VLC media player 2.0.0
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.07.2012 12:19:25 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften
Prozesses: 0x45c Startzeit der fehlerhaften Anwendung: 0x01cd57a5472250b7 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\MSVCR100.dll Berichtskennung: 85b5c111-c398-11e1-9a4e-002522b42b36
Error - 01.07.2012 12:23:55 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften
Prozesses: 0xf9c Startzeit der fehlerhaften Anwendung: 0x01cd57a5e8c40536 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\MSVCR100.dll Berichtskennung: 26a28cfc-c399-11e1-9a4e-002522b42b36
Error - 01.07.2012 12:24:19 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften
Prozesses: 0x3c0 Startzeit der fehlerhaften Anwendung: 0x01cd57a5f76ddf43 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\MSVCR100.dll Berichtskennung: 35349947-c399-11e1-9a4e-002522b42b36
Error - 01.07.2012 12:24:48 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften
Prozesses: 0xb98 Startzeit der fehlerhaften Anwendung: 0x01cd57a608a653bb Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\MSVCR100.dll Berichtskennung: 46669583-c399-11e1-9a4e-002522b42b36
Error - 01.07.2012 12:29:43 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x10f8 Startzeit der fehlerhaften Anwendung: 0x01cd57a6b6cf0f8b
Pfad
der fehlerhaften Anwendung: F:\programme\Rootkit Revealer\RootkitRevealer.exe Pfad
des fehlerhaften Moduls: F:\programme\Rootkit Revealer\RootkitRevealer.exe Berichtskennung:
f60b8199-c399-11e1-9a4e-002522b42b36
Error - 01.07.2012 13:08:53 | Computer Name = desk | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.8.20051.2519 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17ec Startzeit: 01cd57a6c5c321a5 Endzeit: 15 Anwendungspfad:
F:\programme\PortableApps\Apps\PortableFirefox\firefox\firefox.exe Berichts-ID:
Error - 01.07.2012 13:08:58 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften
Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0x01cd57ac33f314b2 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\MSVCR100.dll Berichtskennung: 71e708db-c39f-11e1-9a4e-002522b42b36
Error - 01.07.2012 13:44:12 | Computer Name = desk | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.8.20051.2519 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ea0 Startzeit: 01cd57b0a1667d6a Endzeit: 0 Anwendungspfad: F:\programme\PortableApps\Apps\PortableFirefox\firefox\firefox.exe
Berichts-ID:
Error - 01.07.2012 14:09:35 | Computer Name = desk | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.8.20051.2519,
Zeitstempel: 0x435eec98 Name des fehlerhaften Moduls: AcXtrnal.DLL, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bd98a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008a66 ID des fehlerhaften
Prozesses: 0xfc4 Startzeit der fehlerhaften Anwendung: 0x01cd57b1226a882f Pfad der
fehlerhaften Anwendung: F:\programme\PortableApps\Apps\PortableFirefox\firefox\firefox.exe
Pfad
des fehlerhaften Moduls: C:\Windows\AppPatch\AcXtrnal.DLL Berichtskennung: e997e3b5-c3a7-11e1-9a4e-002522b42b36
Error - 01.07.2012 14:24:35 | Computer Name = desk | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 13:26:29 | Computer Name = desk | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 28.02.2012 13:18:20 | Computer Name = desk | Source = MCUpdate | ID = 0
Description = 18:18:20 - Fehler beim Herstellen der Internetverbindung. 18:18:20
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 13:19:00 | Computer Name = desk | Source = MCUpdate | ID = 0
Description = 18:18:49 - Fehler beim Herstellen der Internetverbindung. 18:18:49
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 01.07.2012 08:37:49 | Computer Name = desk | Source = volsnap | ID = 393224
Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume
"C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
Error - 01.07.2012 11:16:00 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2533552)
Error - 01.07.2012 11:16:06 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2620704)
Error - 01.07.2012 14:25:39 | Computer Name = desk | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 01.07.2012 15:01:48 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2533552)
Error - 01.07.2012 15:02:00 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2620704)
Error - 01.07.2012 15:02:49 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2620704)
Error - 01.07.2012 15:03:39 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2533552)
Error - 01.07.2012 18:16:45 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2533552)
Error - 01.07.2012 18:16:52 | Computer Name = desk | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2620704)
< End of report >
Geändert von dgd2511 (02.07.2012 um 19:31 Uhr) |
|
02.07.2012, 21:25
| #4 | |
| /// Malware-holic | Browser funktionieren nichtCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Hybrid-Darstellung
