Pests of all kinds and their removal: TR/ATRAPS.gen(2) and others (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.07.2012, 14:02 | #1
TR/ATRAPS.gen(2) and others

Hello to the helpers here,

somewhere on my laptop there are TR/ATRAPS.gen, TR/ATRAPS.gen2, TR/ZAccess.H, TR/cutwail.jhg, TR/Spy.Zbot.ovk.4. I am of course out of my depth and hope for help, for which I thank you in advance. Here are the logs:

OTL
Code:
OTL logfile created on: 10.07.2012 14:17:46 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,95 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 72,15% Memory free
11,90 Gb Paging File | 9,93 Gb Available in Paging File | 83,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 393,20 Gb Free Space | 87,85% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 620,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 14:17:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.30 22:00:28 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.05.21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.22 12:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011.02.17 23:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011.02.17 23:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.15 15:53:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MOD - [2012.06.14 11:56:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 11:56:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.28 11:11:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.28 11:11:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012.05.28 11:11:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.28 11:10:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.28 11:10:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.28 11:10:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.28 11:10:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.02 10:41:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.09.30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.09 01:33:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.03.11 12:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.06 02:19:33 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.10.01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.02 11:00:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.02 11:00:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.11 12:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.13 02:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 20:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Validator] C:\Users\Can\AppData\Roaming\vlc\{7B66986D-C931-43B8-9A2B-3BEDF2692354}\Validator.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0600259F-A26B-4A6A-B93E-B09E3EA9E48A}: DhcpNameServer = 172.168.21.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7798534C-828B-4FE7-A7EE-3F11018D58F8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.11 15:39:46 | 000,077,824 | R--- | M] (InstallShield Software Corporation) - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2011.03.11 15:39:45 | 000,000,381 | R--- | M] () - E:\autoplay.ini -- [ UDF ]
O32 - AutoRun File - [2011.03.11 15:39:45 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{cbac13e5-a689-11e1-9732-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cbac13e5-a689-11e1-9732-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2011.03.11 15:39:46 | 000,077,824 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 14:17:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Can\Desktop\OTL.exe
[2012.07.03 13:40:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.07.03 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.07.03 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.30 13:30:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs
[2012.06.28 17:56:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.06.25 14:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Interactive
[2012.06.25 14:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2012.06.14 00:23:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012.07.10 14:17:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Can\Desktop\OTL.exe
[2012.07.10 14:15:29 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.10 14:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 11:57:30 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 11:57:30 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 11:54:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.10 11:54:00 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.10 11:54:00 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.10 11:54:00 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.10 11:54:00 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.10 11:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 11:48:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 15:06:34 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCan.job
[2012.06.25 14:55:03 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2012.06.14 11:52:41 | 000,293,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.07.10 14:15:29 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.10 11:54:36 | 000,232,960 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000008.@
[2012.07.10 11:54:36 | 000,095,744 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000032.@
[2012.07.10 11:54:35 | 000,080,896 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000064.@
[2012.07.10 11:54:29 | 000,016,896 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000000.@
[2012.07.10 11:54:28 | 000,002,048 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000004.@
[2012.07.09 01:33:10 | 000,001,632 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\000000cb.@
[2012.06.25 14:55:03 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2012.05.25 21:27:59 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\@
[2011.12.06 02:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.06 02:15:29 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.06 02:14:30 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.06 02:14:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.06 02:10:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.02 01:43:05 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.03.17 13:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012.05.27 17:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2012.05.25
20:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDT [2012.05.26 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imperium Romanum [2012.05.25 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.05.25 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.05.25 20:10:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics [2012.07.03 13:36:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.05.26 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs [2012.06.20 16:14:25 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.07.2012 14:17:46 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,95 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 72,15% Memory free 11,90 Gb Paging File | 9,93 Gb Available in Paging File | 83,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,59 Gb Total Space | 393,20 Gb Free Space | 87,85% Space Free | Partition Type: NTFS Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS Drive E: | 620,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-HP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{CD4B022C-5BA7-4AD6-9C83-E8F444CF5B6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EFA17821-620B-4D4E-8C17-750DDA5DF74A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F284524-6393-44E0-A62D-ABE7274A261A}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | "{39F77DA4-D90B-4644-80F4-D16C7EDD1965}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{3F054D4E-52ED-4369-9F26-FD9C9D30BEE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{66704375-FF79-4952-BB8B-9DEA8349D946}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6B109C57-F5DB-4F25-8015-9BB8FE537B39}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9215EF7E-C332-4693-BD5C-F21812943AC7}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{9B6B2A2B-F5F5-4294-A133-92356B73D34D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{B57806F5-7F3E-4AED-B5D6-2DAEA86FF362}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FBCC8C60-70DC-4AB8-BAA3-0ACED52EFB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "TCP Query User{02509269-B3D8-4030-9EFF-862BAF87F594}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query 
User{A4F2FFC5-B2A3-4CEF-BB89-91E9F0521590}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "UDP Query User{67FD2343-888F-4D7B-898E-982DF2E25CAC}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "UDP Query User{7F027EAD-C699-4DC2-A5AD-023B0D41F0B0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard "{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector 
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03B1F1B3-057C-44D4-93BA-CB2F003C34DF}_is1" = 100 Spiele für Windows 7 "{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional "{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All "{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live 
SOXE Definitions "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile "{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{56709CD7-06E8-B205-56A6-110DC5090A9A}" = PX Profile Update "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian "{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager "{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live 
SOXE "{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie 
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish "{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish "{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish "{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Civitas3" = Grand Ages Rome 1.11
"EasyBits Magic Desktop" = Magic Desktop
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"Imperium Romanum" = Imperium Romanum 1.04 Gold Edition
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Opera 12.00.1467" = Opera 12.00
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.07.2012 06:42:13 | Computer Name = ***-HP | Source = Application Error | ID = 1000
Description = Faulting application name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Faulting module name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Exception code: 0xc0000005 Fault offset: 0x00532dfa Faulting process id: 0x12c8 Faulting application start time: 0x01cd5cecb7ebef5b Faulting application path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Faulting module path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Report Id: 93627845-c8e9-11e1-9f28-082e5f808a50

Error - 08.07.2012 07:34:01 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 08.07.2012 10:14:46 | Computer Name = ***-HP | Source = Application Error | ID = 1000
Description = Faulting application name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Faulting module name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Exception code: 0xc0000005 Fault offset: 0x00532dfa Faulting process id: 0x1314 Faulting application start time: 0x01cd5d000dfa80d8 Faulting application path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Faulting module path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Report Id: 44f3adca-c907-11e1-97d7-082e5f808a50

Error - 08.07.2012 13:59:55 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 08.07.2012 18:01:05 | Computer Name = ***-HP | Source = Application Error | ID = 1000
Description = Faulting application name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Faulting module name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Exception code: 0xc0000005 Fault offset: 0x00532dfa Faulting process id: 0x11bc Faulting application start time: 0x01cd5d3511de7c58 Faulting application path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Faulting module path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Report Id: 69e22500-c948-11e1-91a8-082e5f808a50

Error - 08.07.2012 18:39:35 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 09.07.2012 06:19:32 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 09.07.2012 10:02:54 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 09.07.2012 11:27:18 | Computer Name = ***-HP | Source = WinMgmt | ID = 10
Description =

Error - 09.07.2012 11:41:56 | Computer Name = ***-HP | Source = Application Error | ID = 1000
Description = Faulting application name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Faulting module name: eu3game.exe, version: 0.0.0.0, time stamp: 0x4cf60d33 Exception code: 0xc0000005 Fault offset: 0x00532dfa Faulting process id: 0x9ec Faulting application start time: 0x01cd5de83c2a34b9 Faulting application path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Faulting module path: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Report Id: 9c7598a1-c9dc-11e1-9f36-082e5f808a50

[ HP Connection Manager Events ]
Error - 17.06.2012 12:49:45 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/17 18:49:45.994|0000133C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 17.06.2012 18:18:48 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 00:18:48.220|000003FC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 01:37:21 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 07:37:21.009|00000858|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 01:37:21 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 07:37:21.009|00000858|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 01:37:21 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 07:37:21.009|00000858|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 08:52:02 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 14:52:02.226|00000DCC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 08:52:06 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 14:52:06.673|00000DCC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 15:48:30 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/18 21:48:30.122|0000021C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 18:31:23 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/19 00:31:23.486|00000E48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 18.06.2012 18:31:24 | Computer Name = ***-HP | Source = hpCMSrv | ID = 5
Description = 2012/06/19 00:31:24.500|00000E48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

[ System Events ]
Error - 03.07.2012 08:47:40 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 03.07.2012 08:47:40 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following error: %%1069

Error - 03.07.2012 08:47:40 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 03.07.2012 08:47:40 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following error: %%1069

Error - 04.07.2012 15:02:50 | Computer Name = ***-HP | Source = DCOM | ID = 10010
Description =

Error - 04.07.2012 18:14:18 | Computer Name = ***-HP | Source = DCOM | ID = 10010
Description =

Error - 05.07.2012 18:48:15 | Computer Name = ***-HP | Source = DCOM | ID = 10010
Description =

Error - 06.07.2012 06:23:47 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error - 06.07.2012 06:23:53 | Computer Name = ***-HP | Source = DCOM | ID = 10010
Description =

Error - 06.07.2012 06:37:08 | Computer Name = ***-HP | Source = WMPNetworkSvc | ID = 866300
Description =

< End of report >

Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-HP [Administrator]

Protection: Enabled

10.07.2012 15:34:50
mbam-log-2012-07-10 (15-34-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205643
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\***\Desktop\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\ICReinstall_DownloadManagerSetup (1).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\msimg32.dll (Trojan.Phex.THAGen1) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\~!#BEAE.tmp (Trojan.Phex.THAGen1) -> Quarantined and deleted successfully.

(end)
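The "Files Created - No Company Name" section of the OTL log above lists several files under C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\ named with eight hex digits and the extension .@, plus a hidden+system file called @ in the same GUID folder. That layout is the well-documented user-mode drop location of the ZeroAccess/Sirefef family, which is what makes those entries the most interesting lines in the post even though OTL itself does not flag them. The script below is an added example written for this edit, not part of the forum thread and not code from OTL, Malwarebytes or any other tool used in it: it parses OTL-style file entries and flags that pattern. The sample lines are copied from the log above (the forum's *** username redaction kept, two benign entries and hiberfil.sys added as negative cases); the flagging rules are this example's own heuristics.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry looks like:
#   [2012.07.10 11:54:36 | 000,232,960 | ---- | C] () -- C:\path\file
# Fields: timestamp | size with thousands separators | attribute flags in RHSD order
# (Read-only, Hidden, System, Directory) | C(reated) or M(odified), then the
# company name in parentheses (empty for unsigned files) and the path.
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# ZeroAccess/Sirefef user-mode drop layout seen in 2012-era samples:
#   %LOCALAPPDATA%\{GUID}\@              hidden+system marker file
#   %LOCALAPPDATA%\{GUID}\U\<8 hex>.@    payload/plugin files
ZACCESS_PAYLOAD = re.compile(r"\\AppData\\Local\\" + GUID + r"\\U\\[0-9a-f]{8}\.@$", re.I)
ZACCESS_MARKER = re.compile(r"\\AppData\\Local\\" + GUID + r"\\@$", re.I)


@dataclass
class Finding:
    path: str
    reason: str
    size: int
    attrs: str


def parse_entry(line: str) -> Optional[dict]:
    """Parse one OTL file line into a dict, or return None if it is not a file entry."""
    m = OTL_ENTRY.search(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def classify(entry: dict) -> Optional[str]:
    """Return a reason string when the entry matches one of this example's heuristics."""
    path, attrs = entry["path"], entry["attrs"]
    if ZACCESS_PAYLOAD.search(path):
        return "ZeroAccess-style payload: {GUID}\\U\\<hex>.@ under AppData\\Local"
    if ZACCESS_MARKER.search(path):
        return "ZeroAccess-style marker: hidden {GUID}\\@ under AppData\\Local"
    # Hidden+system files are normal on the volume root and under C:\Windows
    # (hiberfil.sys, bootstat.dat); inside a user profile they deserve a look.
    if "H" in attrs and "S" in attrs and "\\Users\\" in path:
        return "hidden+system file inside a user profile"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run every OTL file entry through classify() and collect the hits in log order."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            findings.append(Finding(entry["path"], reason, entry["size"], entry["attrs"]))
    return findings


# Sample input: entries copied from the OTL log posted above (username redacted as ***
# in the post), with two benign entries and hiberfil.sys kept as negative cases.
SAMPLE_LOG = r"""
[2012.07.10 11:54:36 | 000,232,960 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000008.@
[2012.07.10 11:54:36 | 000,095,744 | ---- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000032.@
[2012.05.25 21:27:59 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\@
[2012.06.25 14:55:03 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.07.10 11:48:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.attrs} {f.size:>10}  {f.path}\n    -> {f.reason}")
```

On the six sample lines the script reports the two .@ payloads and the hidden @ marker and stays silent on the shortcut, the DLL and hiberfil.sys. The Malwarebytes quick scan posted right above found none of these files, which is why a helper would still want a kernel-level scan before trusting that log; the heuristic is a triage aid for reading OTL output, not a replacement for that scan.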
11.07.2012, 16:25 | #2 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please read the following instructions exactly. We don't want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
11.07.2012, 19:15 | #3 |
| TR/ATRAPS.gen(2) and others Hello Daniel, thank you for your help.
I downloaded TDSSKiller.exe and started the scan, but nothing was found.
11.07.2012, 19:39 | #4 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote:
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
11.07.2012, 20:04 | #5 |
| TR/ATRAPS.gen(2) and others Good, I disabled Avira and started Combofix. The expected error message appeared and disappeared after the restart. Here is the log file: Code:
ATTFilter ComboFix 12-07-11.03 - Can 11.07.2012 20:44:21.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6092.4325 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\***\AppData\Roaming\Help\coredb\storage . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-11 bis 2012-07-11 )))))))))))))))))))))))))))))) . . 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-10 13:33 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-10 13:29 . 2012-07-10 13:29 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-10 13:29 . 2012-07-10 13:29 -------- d--h--w- c:\programdata\Common Files 2012-07-06 05:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\***\AppData\Roaming\vlc 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\***\AppData\Roaming\TeamViewer 2012-06-30 11:30 . 2012-06-30 11:30 -------- d-----w- c:\windows\SysWow64\logs 2012-06-28 15:56 . 2012-06-28 15:56 -------- d--h--w- c:\programdata\CanonBJ 2012-06-28 15:55 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2012-06-25 12:44 . 2012-06-25 12:44 -------- d-----w- c:\program files (x86)\Paradox Interactive 2012-06-25 12:43 . 
2001-09-05 01:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-06-25 12:43 . 2001-09-05 01:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-06-25 12:43 . 2001-09-05 01:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-06-25 12:43 . 2001-09-05 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-06-25 12:43 . 2011-03-11 13:43 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-06-22 04:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 04:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 04:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 04:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 04:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 04:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 04:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 04:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 04:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 22:23 . 2012-06-13 22:23 -------- d-----w- c:\windows\Sun 2012-06-13 07:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 07:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 07:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 07:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 07:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 07:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 07:54 . 
2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 07:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 07:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 07:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 07:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 07:53 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 07:53 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 07:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 07:53 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 07:53 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 07:53 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-08 23:33 . 2012-05-26 00:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-08 23:33 . 2012-05-26 00:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-25 20:10 . 2012-05-25 20:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-25 20:10 . 2011-09-01 23:44 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-25 20:02 . 2010-06-24 09:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-02 13:24 . 2012-05-25 18:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-04-27 08:20 . 2012-05-25 18:56 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-25 12:02 . 2012-04-25 12:02 43800 ----a-w- c:\windows\system32\drivers\Accelerometer.sys 2012-04-25 12:02 . 2012-04-25 12:02 31000 ----a-w- c:\windows\system32\hpservice.exe 2012-04-25 12:02 . 2012-04-25 12:02 21272 ----a-w- c:\windows\system32\accelerometerdll.DLL 2012-04-25 12:02 . 
2012-04-25 12:02 18200 ----a-w- c:\windows\system32\HPMDPCoInst12.dll 2012-04-25 12:02 . 2011-01-26 15:01 30488 ----a-w- c:\windows\system32\drivers\hpdskflt.sys 2012-04-24 22:32 . 2012-05-25 18:56 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-30 343168] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 257224] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections 
service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-30 9981952] S3 
amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 23:33] . 2012-07-07 c:\windows\Tasks\HPCeeScheduleForCan.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Validator - c:\users\Can\AppData\Roaming\vlc\{7B66986D-C931-43B8-9A2B-3BEDF2692354}\Validator.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-11 20:54:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-11 18:54 . Vor Suchlauf: 10 Verzeichnis(se), 421.041.311.744 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 421.314.027.520 Bytes frei . - - End Of File - - C3ED1A1F06F2EEF290A8498F58FB7D21 |
14.07.2012, 12:56 | #6 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others Sorry, somehow I overlooked you. Is the computer still causing problems? ESET Online Scanner
15.07.2012, 13:36 | #7 |
| TR/ATRAPS.gen(2) and others That's fine, it happens. ESET log file: Code:
C:\Documents and Settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000008.@ Win64/Agent.BA trojan
C:\Documents and Settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Documents and Settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Documents and Settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000064.@ Win64/Sirefef.AN trojan
C:\Users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000008.@ Win64/Agent.BA trojan
C:\Users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000064.@ Win64/Sirefef.AN trojan
15.07.2012, 16:45 | #8 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others Please delete the existing Combofix version and download a new version from here. Save it to the desktop. Make sure that all of your antivirus and other protection programs are switched off. Start Combofix and, if necessary, follow the instructions on the desktop. Please post C:\Combofix.txt here.
15.07.2012, 18:22 | #9 |
| TR/ATRAPS.gen(2) and others Code:
ATTFilter ComboFix 12-07-14.01 - Can 15.07.2012 19:05:48.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6092.4380 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 )))))))))))))))))))))))))))))) . . 2012-07-15 17:10 . 2012-07-15 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-14 16:14 . 2012-07-14 16:14 -------- d-----w- c:\program files (x86)\ESET 2012-07-11 23:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-10 13:33 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-10 13:29 . 2012-07-10 13:29 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-10 13:29 . 2012-07-10 13:29 -------- d--h--w- c:\programdata\Common Files 2012-07-06 05:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\***\AppData\Roaming\vlc 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\***\AppData\Roaming\TeamViewer 2012-06-30 11:30 . 2012-06-30 11:30 -------- d-----w- c:\windows\SysWow64\logs 2012-06-28 15:56 . 2012-06-28 15:56 -------- d--h--w- c:\programdata\CanonBJ 2012-06-28 15:55 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2012-06-25 12:44 . 
2012-06-25 12:44 -------- d-----w- c:\program files (x86)\Paradox Interactive 2012-06-25 12:43 . 2001-09-05 01:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-06-25 12:43 . 2001-09-05 01:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-06-25 12:43 . 2001-09-05 01:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-06-25 12:43 . 2001-09-05 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-06-25 12:43 . 2011-03-11 13:43 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-06-22 04:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 04:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 04:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 04:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 04:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 04:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 04:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 04:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 04:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 12:12 . 2012-05-26 00:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 12:12 . 2012-05-26 00:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-25 20:10 . 2012-05-25 20:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-25 20:10 . 2011-09-01 23:44 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-25 20:02 . 
2010-06-24 09:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-04 11:06 . 2012-06-13 07:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 07:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 07:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 13:24 . 2012-05-25 18:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-01 05:40 . 2012-06-13 07:54 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 07:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-27 08:20 . 2012-05-25 18:56 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-26 05:41 . 2012-06-13 07:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 07:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 07:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-25 12:02 . 2012-04-25 12:02 43800 ----a-w- c:\windows\system32\drivers\Accelerometer.sys 2012-04-25 12:02 . 2012-04-25 12:02 31000 ----a-w- c:\windows\system32\hpservice.exe 2012-04-25 12:02 . 2012-04-25 12:02 21272 ----a-w- c:\windows\system32\accelerometerdll.DLL 2012-04-25 12:02 . 2012-04-25 12:02 18200 ----a-w- c:\windows\system32\HPMDPCoInst12.dll 2012-04-25 12:02 . 2011-01-26 15:01 30488 ----a-w- c:\windows\system32\drivers\hpdskflt.sys 2012-04-24 22:32 . 2012-05-25 18:56 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-24 05:37 . 2012-06-13 07:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 07:53 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 07:53 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 07:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 07:53 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 
2012-06-13 07:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-11_18.50.27 ))))))))))))))))))))))))))))))))))))))))) . - 2012-05-25 19:28 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll + 2012-07-11 10:37 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll + 2012-07-11 10:37 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll - 2012-05-25 19:28 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll - 2012-06-14 06:54 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll + 2012-07-11 23:31 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll + 2012-07-11 23:31 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-06-14 06:54 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-07-11 23:31 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll - 2012-06-14 06:54 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll - 2009-07-14 04:54 . 2012-07-09 12:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-12 12:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-12 12:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-09 12:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-12 12:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-09 12:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-11 23:31 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll - 2012-06-14 06:54 . 
2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll - 2012-06-14 06:54 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-07-11 23:31 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-07-11 23:31 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll - 2012-06-14 06:54 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll + 2012-07-11 10:37 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys - 2012-05-25 19:28 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys + 2012-05-25 16:54 . 2012-07-15 11:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-05-25 16:54 . 2012-07-11 13:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-05-25 16:54 . 2012-07-15 11:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-05-25 16:54 . 2012-07-11 13:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-11 13:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-15 11:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-07-12 19:59 94744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-07-11 10:37 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll + 2012-07-11 10:37 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll + 2012-07-15 17:11 . 
2012-07-15 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-11 18:49 . 2012-07-11 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-11 18:49 . 2012-07-11 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-15 17:11 . 2012-07-15 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-14 06:54 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll + 2012-07-11 23:31 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll + 2012-07-11 10:37 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll + 2012-07-11 10:37 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll + 2012-07-12 12:12 . 2012-07-12 12:12 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe + 2012-07-12 11:45 . 2012-07-12 11:45 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe + 2012-07-12 11:45 . 2012-07-12 11:45 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll + 2012-05-26 00:31 . 2012-07-12 12:12 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-07-11 23:31 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll - 2012-06-14 06:54 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll - 2012-06-14 06:54 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe + 2012-07-11 23:31 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe + 2012-07-11 23:31 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll - 2012-06-14 06:54 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll - 2010-11-21 03:24 . 2010-11-21 03:24 805376 c:\windows\SysWOW64\cdosys.dll + 2012-07-11 10:37 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll + 2012-07-11 23:31 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll - 2012-06-14 06:54 . 
2012-05-18 01:58 237056 c:\windows\system32\url.dll - 2012-05-25 19:28 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll + 2012-07-11 10:37 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll - 2009-07-14 02:36 . 2012-07-11 16:05 616008 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-15 16:54 616008 c:\windows\system32\perfh009.dat + 2011-09-02 08:43 . 2012-07-15 16:54 654166 c:\windows\system32\perfh007.dat - 2011-09-02 08:43 . 2012-07-11 16:05 654166 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2012-07-11 16:05 106388 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-07-15 16:54 106388 c:\windows\system32\perfc009.dat + 2011-09-02 08:43 . 2012-07-15 16:54 130006 c:\windows\system32\perfc007.dat - 2011-09-02 08:43 . 2012-07-11 16:05 130006 c:\windows\system32\perfc007.dat + 2012-07-11 10:37 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll + 2012-07-12 12:12 . 2012-07-12 12:12 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe + 2012-07-12 11:45 . 2012-07-12 11:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe + 2012-07-12 11:45 . 2012-07-12 11:45 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll - 2012-06-14 06:54 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll + 2012-07-11 23:31 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll - 2012-06-14 06:54 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe + 2012-07-11 23:31 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe - 2012-06-14 06:54 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll + 2012-07-11 23:31 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll - 2009-07-14 04:45 . 2012-06-14 09:52 293832 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-07-12 04:26 293832 c:\windows\system32\FNTCACHE.DAT + 2012-07-11 10:37 . 
2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys + 2012-07-11 10:37 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys + 2009-07-14 05:01 . 2012-07-15 17:10 277996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-11 18:49 277996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-06-14 06:54 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll + 2012-07-11 23:31 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll + 2012-07-11 23:31 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll - 2012-06-14 06:54 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-07-11 10:37 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll - 2010-11-21 03:24 . 2010-11-21 03:24 1390080 c:\windows\SysWOW64\msxml6.dll + 2012-07-11 10:37 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll - 2010-11-21 03:24 . 2010-11-21 03:24 1236992 c:\windows\SysWOW64\msxml3.dll + 2012-07-12 12:12 . 2012-07-12 12:12 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll + 2012-07-12 12:12 . 2012-07-12 12:12 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe + 2012-07-11 23:31 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll - 2012-06-14 06:54 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll + 2012-07-11 23:31 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll - 2012-06-14 06:54 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-07-11 23:31 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-06-14 06:54 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-06-14 06:54 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll + 2012-07-11 23:31 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll - 2012-06-14 06:54 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll + 2012-07-11 23:31 . 
2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll - 2010-11-21 03:24 . 2010-11-21 03:24 2004480 c:\windows\system32\msxml6.dll + 2012-07-11 10:37 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll + 2012-07-11 10:37 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll + 2012-07-11 23:31 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll - 2012-06-14 06:54 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll - 2012-06-14 06:54 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll + 2012-07-11 23:31 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll + 2012-07-11 10:37 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll - 2010-11-21 03:23 . 2010-11-21 03:23 1133568 c:\windows\system32\cdosys.dll + 2009-07-14 04:45 . 2012-07-12 04:29 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-07-06 09:45 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-12-06 00:39 . 2012-07-15 17:10 2755472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-12-06 00:39 . 2012-07-11 18:49 2755472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2012-05-25 19:59 . 2012-07-11 16:00 2889396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4173586647-3111459378-2006385964-1000-8192.dat + 2012-05-25 19:59 . 2012-07-15 16:23 2889396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4173586647-3111459378-2006385964-1000-8192.dat + 2012-07-11 10:37 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll - 2012-06-14 06:54 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll + 2012-07-11 23:31 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34 . 2012-07-12 04:25 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2012-05-25 19:28 . 
2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll + 2012-07-11 10:37 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll - 2012-06-14 06:54 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll + 2012-07-11 23:31 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll + 2012-05-25 19:36 . 2012-07-11 23:32 59701280 c:\windows\system32\MRT.exe + 2012-07-12 12:12 . 2012-07-12 12:12 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll + 2012-07-11 23:31 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll - 2012-06-14 06:54 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection 
Manager\HPCMDelayStart.exe" [2011-06-14 103992] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-30 343168] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 
SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
[2012-04-04 654408] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-30 9981952] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] . . Inhalt des "geplante Tasks" Ordners . 2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 12:12] . 2012-07-07 c:\windows\Tasks\HPCeeScheduleFor***.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-15 19:15:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-15 17:15 ComboFix2.txt 2012-07-11 18:54 . Vor Suchlauf: 15 Verzeichnis(se), 421.400.195.072 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 421.321.854.976 Bytes frei . - - End Of File - - 015AC3C8950652301BA81500DE2A12CC |
16.07.2012, 12:41 | #10 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others
Scan with SystemLook
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop. Download Mirror #1 -
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to strike back and support us! TB Akademie
17.07.2012, 10:39 | #11 |
TR/ATRAPS.gen(2) and others
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:36 on 17/07/2012 by ***
Administrator - Elevation successful
========== filefind ==========
Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [18:53 11/07/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
========== regfind ==========
Searching for "{2e34e92e-3eee-d438-e810-2f6ce7d40e25}"
No data found.
-= EOF =-
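The SystemLook result above lists three copies of services.exe (System32, the WinSxS component store and the ERUNT cache) that all carry the same MD5, which is the consistency the helper was verifying. As an added example, not from the thread, from SystemLook or from the helper, here is a small parser for SystemLook's filefind block that flags when copies of the searched file carry different hashes; the second log with a mismatching System32 copy is constructed and its hash is a placeholder.

```python
"""Consistency check over SystemLook "filefind" output (added example)."""
import re
from collections import defaultdict

# One filefind result line:
# <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Log as posted in the thread (all copies agree).
THREAD_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 11:36 on 17/07/2012 by ***
Administrator - Elevation successful
========== filefind ==========
Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [18:53 11/07/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
========== regfind ==========
Searching for "{2e34e92e-3eee-d438-e810-2f6ce7d40e25}"
No data found.
-= EOF =-
"""

# Constructed variant: the live System32 copy no longer matches the component
# store copy. The all-zero MD5 is a placeholder, not a real sample hash.
CONSTRUCTED_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [10:00 01/07/2012] [01:39 14/07/2009] 00000000000000000000000000000000
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
-= EOF =-
"""


def parse_filefind(log):
    """Return {search term: [record dicts]} from the filefind section only."""
    results = defaultdict(list)
    current, in_filefind = None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("========== "):
            # Section header: only the filefind block is parsed.
            in_filefind = line == "========== filefind =========="
            continue
        if not in_filefind:
            continue
        m = re.match(r'^Searching for "(.+)"$', line)
        if m:
            current = m.group(1)
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            results[current].append(rec)
    return dict(results)


def hash_discrepancies(records):
    """Group copies by MD5. Empty dict when all agree, else {md5: [paths]}."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["md5"]].append(rec["path"])
    return dict(by_hash) if len(by_hash) > 1 else {}


def check_log(log):
    """Return {search term: discrepancies} for every filefind term in the log."""
    return {term: hash_discrepancies(recs) for term, recs in parse_filefind(log).items()}


if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("constructed log", CONSTRUCTED_LOG)):
        for term, diff in check_log(log).items():
            status = "consistent" if not diff else "MISMATCH " + str(diff)
            print(f"{name}: {term}: {status}")
```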
17.07.2012, 13:24 | #12 |
/// Selecta Jahrusso | TR/ATRAPS.gen(2) and others
Note for readers: the following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems!
Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: BleepingComputer.com, and save it again to the desktop (nowhere else, this is important)!
Press the Windows key + R --> type Notepad --> OK
Now copy the text from the following code box in full into the empty text document.
Code:
Folder::
C:\Users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}
C:\Documents and Settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}

ClearJavaCache::
Important:
Please start OTL.exe. Under Extra Registry select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.
18.07.2012, 00:16 | #13 |
TR/ATRAPS.gen(2) and others
Did everything as described: ComboFix
Code:
ATTFilter ComboFix 12-07-16.01 - Can 18.07.2012 0:47.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6092.4236 [GMT 2:00] ausgeführt von:: c:\users\Can\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Can\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25} c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000004.@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\00000008.@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\000000cb.@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000000.@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000032.@ c:\users\Can\AppData\Local\{2e34e92e-3eee-d438-e810-2f6ce7d40e25}\U\80000064.@ . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-17 bis 2012-07-17 )))))))))))))))))))))))))))))) . . 2012-07-17 22:52 . 2012-07-17 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-14 16:14 . 2012-07-14 16:14 -------- d-----w- c:\program files (x86)\ESET 2012-07-11 23:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\users\Can\AppData\Roaming\Malwarebytes 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-10 13:33 . 2012-07-10 13:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-10 13:33 . 
2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-10 13:29 . 2012-07-10 13:29 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-10 13:29 . 2012-07-10 13:29 -------- d--h--w- c:\programdata\Common Files 2012-07-06 05:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\Can\AppData\Roaming\vlc 2012-07-03 11:36 . 2012-07-03 11:36 -------- d-----w- c:\users\Can\AppData\Roaming\TeamViewer 2012-06-30 11:30 . 2012-06-30 11:30 -------- d-----w- c:\windows\SysWow64\logs 2012-06-28 15:56 . 2012-06-28 15:56 -------- d--h--w- c:\programdata\CanonBJ 2012-06-28 15:55 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2012-06-25 12:44 . 2012-06-25 12:44 -------- d-----w- c:\program files (x86)\Paradox Interactive 2012-06-25 12:43 . 2001-09-05 01:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-06-25 12:43 . 2001-09-05 01:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-06-25 12:43 . 2001-09-05 01:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-06-25 12:43 . 2001-09-05 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-06-25 12:43 . 2011-03-11 13:43 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-06-22 04:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 04:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 04:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 04:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 04:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 04:40 . 
2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 04:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 04:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 04:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 12:12 . 2012-05-26 00:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 12:12 . 2012-05-26 00:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-25 20:10 . 2012-05-25 20:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-25 20:10 . 2011-09-01 23:44 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-25 20:02 . 2010-06-24 09:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-04 11:06 . 2012-06-13 07:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 07:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 07:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 13:24 . 2012-05-25 18:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-01 05:40 . 2012-06-13 07:54 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 07:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-27 08:20 . 2012-05-25 18:56 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-26 05:41 . 2012-06-13 07:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 07:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 07:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-25 12:02 . 2012-04-25 12:02 43800 ----a-w- c:\windows\system32\drivers\Accelerometer.sys 2012-04-25 12:02 . 2012-04-25 12:02 31000 ----a-w- c:\windows\system32\hpservice.exe 2012-04-25 12:02 . 
Zeit der Fertigstellung: 2012-07-18 00:57:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-17 22:57
ComboFix2.txt 2012-07-15 17:15
ComboFix3.txt 2012-07-11 18:54
Vor Suchlauf: 15 Verzeichnis(se), 419.951.087.616 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 420.384.456.704 Bytes frei
- - End Of File - - 131DB019A30AFD25CC7CF5B1C17874E3
Code:
OTL logfile created on: 18.07.2012 01:03:49 - Run 2
OTL by OldTimer - Version 3.2.53.1
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.30 22:00:28 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe PRC - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.05.21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.03.22 12:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011.02.17 23:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011.02.17 23:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 15:53:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll MOD - [2012.06.14 11:56:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 11:56:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.28 11:11:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.28 11:11:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll MOD - [2012.05.28 11:11:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.28 11:10:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.28 11:10:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.28 11:10:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.28 11:10:39 | 011,492,864 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.09.02 10:41:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011.09.30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.07.12 14:12:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.05.21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.03.11 12:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.06 02:19:33 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.10.01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.02 11:00:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.09.02 11:00:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.11 12:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.13 02:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.14 20:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - 
HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2012.07.18 00:52:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0600259F-A26B-4A6A-B93E-B09E3EA9E48A}: DhcpNameServer = 172.168.21.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7798534C-828B-4FE7-A7EE-3F11018D58F8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.11 15:39:46 | 000,077,824 | R--- | M] (InstallShield Software Corporation) - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2011.03.11 15:39:45 | 000,000,381 | R--- | M] () - E:\autoplay.ini -- [ UDF ]
O32 - AutoRun File - [2011.03.11 15:39:45 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.18 00:57:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.18 00:54:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.15 19:03:14 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Can\Desktop\ComboFix.exe
[2012.07.14 18:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.14 18:13:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Can\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 01:31:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 01:31:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 01:31:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 01:31:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 01:31:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 01:31:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 01:31:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 01:31:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 01:31:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 01:31:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 01:31:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 01:31:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 01:31:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 20:43:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.11 20:43:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.11 20:43:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.11 20:43:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.11 20:43:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.11 20:07:43 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Can\Desktop\tdsskiller.exe
[2012.07.11 12:37:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 12:37:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 12:37:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 12:37:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 12:37:19 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 15:33:27 | 000,000,000 | ---D | C] -- C:\Users\Can\AppData\Roaming\Malwarebytes
[2012.07.10 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.10 15:33:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.10 15:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.10 15:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.10 15:29:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.10 15:29:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.10 14:17:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Can\Desktop\OTL.exe
[2012.07.06 07:13:08 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 13:40:59 | 000,000,000 | ---D | C] -- C:\Users\Can\AppData\Roaming\Help
[2012.07.03 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\Can\AppData\Roaming\vlc
[2012.07.03 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\Can\AppData\Roaming\TeamViewer
[2012.06.30 13:30:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs
[2012.06.28 17:56:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.06.25 14:54:55 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.06.25 14:54:55 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.06.25 14:54:55 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.06.25 14:54:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.06.25 14:54:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.06.25 14:54:54 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.06.25 14:54:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.06.25 14:54:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.06.25 14:54:53 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.06.25 14:54:52 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.06.25 14:54:52 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.06.25 14:54:52 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.06.25 14:54:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.06.25 14:54:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.06.25 14:54:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.06.25 14:54:51 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.06.25 14:54:51 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.06.25 14:54:50 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.06.25 14:54:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.06.25 14:54:49 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.06.25 14:54:49 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.06.25 14:54:48 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.06.25 14:54:48 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.06.25 14:54:47 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.06.25 14:54:47 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.06.25 14:54:47 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.06.25 14:54:47 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.06.25 14:54:47 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.06.25 14:54:46 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.06.25 14:54:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.06.25 14:54:44 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.06.25 14:54:44 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.06.25 14:54:44 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.06.25 14:54:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.06.25 14:54:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.06.25 14:54:39 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.06.25 14:54:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.06.25 14:54:38 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.06.25 14:54:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.06.25 14:54:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.06.25 14:54:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.06.25 14:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Interactive
[2012.06.25 14:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2012.06.22 06:40:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 06:40:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 06:40:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 06:40:40 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 06:40:40 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 06:40:40 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 06:40:29 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 06:40:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012.07.18 01:07:58 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 01:07:58 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 01:05:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 01:05:17 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 01:05:17 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 01:05:17 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 01:05:17 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 01:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 01:00:07 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 00:52:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.18 00:42:06 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Can\Desktop\ComboFix.exe
[2012.07.18 00:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 11:35:39 | 000,165,376 | ---- | M] () -- C:\Users\Can\Desktop\SystemLook_x64.exe
[2012.07.14 18:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Can\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 14:12:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 14:12:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 06:26:06 | 000,293,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 20:07:44 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Can\Desktop\tdsskiller.exe
[2012.07.10 15:33:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 15:21:52 | 000,001,120 | ---- | M] () -- C:\Users\Can\Desktop\Continue Download Manager Installation.lnk
[2012.07.10 14:17:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Can\Desktop\OTL.exe
[2012.07.10 14:15:29 | 000,000,000 | ---- | M] () -- C:\Users\Can\defogger_reenable
[2012.07.07 15:06:34 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCan.job
[2012.06.25 14:55:03 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk

========== Files Created - No Company Name ==========

[2012.07.17 11:35:39 | 000,165,376 | ---- | C] () -- C:\Users\Can\Desktop\SystemLook_x64.exe
[2012.07.11 20:43:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.11 20:43:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.11 20:43:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.11 20:43:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.11 20:43:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.10 15:33:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 15:15:21 | 000,001,120 | ---- | C] () -- C:\Users\Can\Desktop\Continue Download Manager Installation.lnk
[2012.07.10 14:15:29 | 000,000,000 | ---- | C] () -- C:\Users\Can\defogger_reenable
[2012.06.25 14:55:03 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2011.12.06 02:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.06 02:15:29 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.06 02:14:30 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.06 02:14:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.06 02:10:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.02 01:43:05 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.03.17 13:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

< End of report >

Code:
OTL Extras logfile created on: 18.07.2012 01:03:49 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Can\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,95 Gb Total Physical Memory | 4,30 Gb Available Physical Memory | 72,22% Memory free
11,90 Gb Paging File | 9,88 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 391,61 Gb Free Space | 87,49% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 620,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CAN-HP | User Name: Can | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CD4B022C-5BA7-4AD6-9C83-E8F444CF5B6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EFA17821-620B-4D4E-8C17-750DDA5DF74A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F284524-6393-44E0-A62D-ABE7274A261A}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{39F77DA4-D90B-4644-80F4-D16C7EDD1965}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3F054D4E-52ED-4369-9F26-FD9C9D30BEE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{66704375-FF79-4952-BB8B-9DEA8349D946}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6B109C57-F5DB-4F25-8015-9BB8FE537B39}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9215EF7E-C332-4693-BD5C-F21812943AC7}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{9B6B2A2B-F5F5-4294-A133-92356B73D34D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B57806F5-7F3E-4AED-B5D6-2DAEA86FF362}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FBCC8C60-70DC-4AB8-BAA3-0ACED52EFB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"TCP Query User{02509269-B3D8-4030-9EFF-862BAF87F594}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A4F2FFC5-B2A3-4CEF-BB89-91E9F0521590}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"UDP Query User{67FD2343-888F-4D7B-898E-982DF2E25CAC}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"UDP Query User{7F027EAD-C699-4DC2-A5AD-023B0D41F0B0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B1F1B3-057C-44D4-93BA-CB2F003C34DF}_is1" = 100 Spiele für Windows 7
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56709CD7-06E8-B205-56A6-110DC5090A9A}" = PX Profile Update
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian "{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager "{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish "{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish "{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" 
= Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish "{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "Civitas3" = Grand Ages Rome 1.11 "EasyBits Magic Desktop" = Magic Desktop "ESET Online Scanner" = ESET Online Scanner v3 "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43 "Imperium Romanum" = Imperium Romanum 1.04 Gold Edition "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Opera 12.00.1467" = Opera 12.00 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.07.2012 10:02:54 | Computer Name = 
Can-HP | Source = WinMgmt | ID = 10 Description = Error - 09.07.2012 11:27:18 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = Error - 09.07.2012 11:41:56 | Computer Name = Can-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Name des fehlerhaften Moduls: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00532dfa ID des fehlerhaften Prozesses: 0x9ec Startzeit der fehlerhaften Anwendung: 0x01cd5de83c2a34b9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Berichtskennung: 9c7598a1-c9dc-11e1-9f36-082e5f808a50 Error - 10.07.2012 01:10:36 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = Error - 10.07.2012 04:30:41 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = Error - 10.07.2012 05:49:24 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = Error - 10.07.2012 07:47:05 | Computer Name = Can-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Name des fehlerhaften Moduls: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00532dfa ID des fehlerhaften Prozesses: 0xdf8 Startzeit der fehlerhaften Anwendung: 0x01cd5e88671aaa01 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Berichtskennung: f82b012a-ca84-11e1-a71e-082e5f808a50 Error - 10.07.2012 10:05:15 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = Error - 10.07.2012 10:53:54 | Computer Name = Can-HP | Source = 
Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Name des fehlerhaften Moduls: eu3game.exe, Version: 0.0.0.0, Zeitstempel: 0x4cf60d33 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00532dfa ID des fehlerhaften Prozesses: 0x4b8 Startzeit der fehlerhaften Anwendung: 0x01cd5ea5d12e8150 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Berichtskennung: 117929c5-ca9f-11e1-a873-082e5f808a50 Error - 10.07.2012 11:16:45 | Computer Name = Can-HP | Source = WinMgmt | ID = 10 Description = [ HP Connection Manager Events ] Error - 16.07.2012 14:09:01 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/16 20:09:01.101|000012B4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 07:32:53 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 13:32:53.226|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 07:33:05 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 13:33:05.518|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 07:33:07 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 13:33:07.858|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 07:33:16 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 13:33:16.610|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 07:33:17 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 13:33:17.187|0000110C|Error 
|CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 11:16:39 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 17:16:39.404|00001038|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 16:25:19 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 22:25:19.130|000011AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 16:25:26 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 22:25:26.821|000011AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2012 16:25:46 | Computer Name = Can-HP | Source = hpCMSrv | ID = 5 Description = 2012/07/17 22:25:46.820|000011AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ System Events ] Error - 05.07.2012 18:48:15 | Computer Name = Can-HP | Source = DCOM | ID = 10010 Description = Error - 06.07.2012 06:23:47 | Computer Name = Can-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht. Error - 06.07.2012 06:23:53 | Computer Name = Can-HP | Source = DCOM | ID = 10010 Description = Error - 06.07.2012 06:37:08 | Computer Name = Can-HP | Source = WMPNetworkSvc | ID = 866300 Description = Error - 11.07.2012 14:46:30 | Computer Name = Can-HP | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 11.07.2012 14:48:32 | Computer Name = Can-HP | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 11.07.2012 14:48:55 | Computer Name = Can-HP | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 11.07.2012 14:49:51 | Computer Name = Can-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 Error - 11.07.2012 14:52:16 | Computer Name = Can-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 11.07.2012 19:31:29 | Computer Name = Can-HP | Source = DCOM | ID = 10010 Description = < End of report > |
18.07.2012, 13:41 | #14
/// Selecta Jahrusso | TR/ATRAPS.gen(2) und Weitere Your Java is no longer up to date. Older versions contain security holes that malware can exploit.
If there are no other problems, we are done here. Please follow these last few steps. Before the following action, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the pests disappear from there as well. Now re-enable the programs you just disabled. Please start OTL and click on Bereinigung (cleanup). This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie
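The helper's remark about outdated Java can be checked against the OTL log itself: the "HKEY_LOCAL_MACHINE Uninstall List" section prints each installed program as `"{key}" = DisplayName`, and the log above lists both a 64-bit "Java(TM) 6 Update 24" and a 32-bit "Java(TM) 6 Update 32". The following Python parser is an added example, not code from this thread or from OTL; the sample input is constructed from four entries copied out of the log, and the baseline version the caller passes in is an assumption (whatever the current release is at the time of the check), not a value the page states.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: four entries taken from the "HKEY_LOCAL_MACHINE Uninstall List"
# section of the OTL log posted earlier in this thread, flattened onto one line
# the way the forum rendering shows them.
SAMPLE_OTL = (
    '"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) '
    '"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 '
    '"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater '
    '"Avira AntiVir Desktop" = Avira Free Antivirus '
)

# One OTL uninstall entry: a quoted registry value name, " = ", then the display
# name, which runs up to the next quoted key (or to the end of the text).
ENTRY_RE = re.compile(r'"([^"]+)"\s*=\s*(.*?)(?=\s+"[^"]+"\s*=|\s*$)')

# Display names of Sun/Oracle Java runtimes look like "Java(TM) 6 Update 24 (64-bit)".
JAVA_RE = re.compile(r'Java\(TM\)\s+(\d+)\s+Update\s+(\d+)')

Version = Tuple[int, int]  # (major, update)


class UninstallEntry(NamedTuple):
    key: str   # value name under ...\CurrentVersion\Uninstall
    name: str  # DisplayName as OTL prints it


def parse_uninstall_list(text: str) -> List[UninstallEntry]:
    """Split a flattened OTL uninstall list into (key, name) entries."""
    return [UninstallEntry(key, name.strip()) for key, name in ENTRY_RE.findall(text)]


def java_version(name: str) -> Optional[Version]:
    """Return (major, update) for a Java runtime display name, else None."""
    m = JAVA_RE.search(name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def outdated_java(entries: List[UninstallEntry], baseline: Version) -> List[UninstallEntry]:
    """Entries whose Java version is strictly older than the caller's baseline.

    The baseline is an assumption supplied by the caller; tuple comparison
    orders versions as expected, e.g. (6, 32) < (6, 33) < (7, 0).
    """
    flagged = []
    for entry in entries:
        version = java_version(entry.name)
        if version is not None and version < baseline:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    # Baseline (6, 33) is an assumed value for illustration, not a fact from the thread.
    for entry in outdated_java(parse_uninstall_list(SAMPLE_OTL), baseline=(6, 33)):
        print(f"outdated: {entry.name}  [{entry.key}]")
```

Both the 64-bit and the 32-bit Java entries are matched independently, which is the point of scanning the whole uninstall list rather than asking one `java -version`: a machine can carry an old runtime of one bitness next to a newer one of the other, and the old one is still reachable from a browser plug-in.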
19.07.2012, 13:02 | #15
TR/ATRAPS.gen(2) und Weitere All right. Thank you very much for your help! Competent and uncomplicated, that's how it should be. You can remove this thread from your subscriptions.