| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Sirefef.16896 und TR/ATRAPS.Gen2 im Papierkorb-Verzeichnis (Win7 x64)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.09.2012, 22:54
| #1 |
| |  TR/Sirefef.16896 und TR/ATRAPS.Gen2 im Papierkorb-Verzeichnis (Win7 x64) Hallo, ich habe mich hier angemeldet, weil mein AntiVir (Free Edition) seit gestern Abend alle 5 Minuten (meist gleichzeitig) den Fund des TR/Sirefef.16896 und des TR/ATRAPS.Gen2 meldet. Der erste Fund war allerdings ein "ZeroAccess", den AV als Backdoor identifiziert hatte. Der wurde aber nur einmal und danach nicht mehr gemeldet. Ich habe AntiVir immer mit dem Entfernen der Funde beauftragt und schon versucht, die Dateien per Hand zu löschen. Beides ohne Erfolg. Die beiden Dateien liegen unter "C:\$Recycle.Bin\S-1-5-18\$1b5c9fd7082002ec5681f7984abf8715\U\", soweit ich weiß, ist das doch das Papierkorb-Verzeichnis, oder? Die Endung der Files ist *.@ Außer den Löschversuchen hab ich nichts unternommen bisher. Weiterhin ist mir aufgefallen, als ich heute Nachmittag den Patch für die IE-Lücke laden wollte, dass Windows Update nicht mehr nach neuen Updates suchen kann. Beenden oder neustarten des Dienstes ist nicht möglich, da der Dienst "Windows Update" schlicht gelöscht wurde - er ist nicht mehr da!!! Ich bitte um eine Anleitung zur Entfernung dieses scheußlichen Rootkits, egal wie viel Zeit ich dafür aufwenden muss, Neuinstallationen sind mir ein Graus! Vorab danke für eure Geduld, und hier noch die geforderten Logfiles: Code:
ATTFilter OTL logfile created on: 21.09.2012 23:37:30 - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = F:\Felix\Ablage 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 59,82% Memory free 5,86 Gb Paging File | 4,15 Gb Available in Paging File | 70,81% Paging File free Paging file location(s): c:\pagefile.sys 1024 4096d:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 102,88 Gb Free Space | 69,07% Space Free | Partition Type: NTFS Drive D: | 149,04 Gb Total Space | 119,87 Gb Free Space | 80,43% Space Free | Partition Type: NTFS Drive E: | 149,04 Gb Total Space | 147,20 Gb Free Space | 98,77% Space Free | Partition Type: NTFS Drive F: | 149,04 Gb Total Space | 115,27 Gb Free Space | 77,34% Space Free | Partition Type: NTFS Computer Name: N5010 | User Name: Felix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.21 12:55:10 | 000,600,576 | ---- | M] (OldTimer Tools) -- F:\Felix\Ablage\OTL.exe PRC - [2012.09.07 15:14:36 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbit Downloader\orbitnet.exe PRC - [2012.08.30 19:02:56 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.08.01 10:57:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 15:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 15:31:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.21 14:25:34 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2011.06.21 17:20:16 | 001,984,832 | ---- | M] (FSPro Labs) -- C:\Programme\My Lockbox\mylbx.exe PRC - [2010.11.10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe ========== Modules (No Company Name) ========== MOD - [2012.08.30 19:02:59 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012.08.30 19:02:59 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012.08.30 19:02:59 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012.08.30 19:02:59 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012.08.30 19:02:59 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012.08.30 19:02:59 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012.08.30 19:02:58 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2012.08.30 19:02:58 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012.08.30 19:02:58 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012.08.30 19:02:58 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012.08.30 19:02:58 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012.08.30 19:02:58 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012.08.30 19:02:58 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2010.11.21 16:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla\fzshellext.dll MOD - [2010.11.10 19:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll MOD - [2010.11.10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe MOD - [2010.06.30 14:03:14 | 000,051,512 | ---- | M] () -- C:\Programme\My Lockbox\FSPFlt.dll MOD - [2009.12.17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll MOD - [2009.12.16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll MOD - [2009.12.16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll MOD - [2009.12.16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.19 15:29:58 | 000,036,160 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.02.02 14:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC) SRV - [2012.09.20 21:51:12 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 15:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 15:31:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.02.07 14:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.12.02 11:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.06.23 15:42:28 | 000,607,040 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.11.19 15:32:52 | 001,403,200 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.19 15:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Widcomm Bluetooth\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 15:31:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 15:31:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 02:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.11 12:34:44 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2010.07.22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.02.02 14:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2010.02.02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:64bit: - [2010.02.02 14:13:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.01.05 04:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.02 22:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.02 22:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.02 22:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.02 22:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2010.03.09 04:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\Felix\Ablage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {5718365C-8932-4FA7-B6CA-9316A40AEC59} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5718365C-8932-4FA7-B6CA-9316A40AEC59}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\JAVA\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () [2011.07.22 23:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\Mozilla\Extensions [2011.07.22 23:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com O1 HOSTS File: ([2012.02.14 16:28:42 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbit Downloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\All My Tube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\JAVA\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbit Downloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbit Downloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKCU..\Run: [$Volumouse$] C:\Program Files\Volumouse\vmouse.exe (NirSoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Widcomm Bluetooth\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Widcomm Bluetooth\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Widcomm Bluetooth\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Widcomm Bluetooth\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Widcomm Bluetooth\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B276BE50-62EA-44B5-8F41-374BB862AF55}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.21 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\WUR [2012.09.21 22:54:20 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.09.21 22:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.09.20 21:59:18 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.09.16 20:50:07 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\BatteryBar [2012.09.16 20:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\BatteryBar [2012.09.16 20:35:57 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Launchy [2012.09.16 20:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy [2012.09.16 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchy [2012.09.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Microsoft Games [2012.09.16 14:51:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2012.09.16 14:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.09.14 14:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rtmpExplorer [2012.09.12 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.09.08 21:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbit Downloader [2012.09.08 00:29:40 | 000,000,000 | ---D | C] -- C:\Users\Felix\Documents\DonationCoder [2012.09.08 00:29:40 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\DonationCoder [2012.09.08 00:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2012.09.08 00:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2012.09.08 00:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URL Snooper [2012.09.08 00:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URL Snooper [2012.09.08 00:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder [2012.09.07 23:30:59 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Wondershare [2012.09.07 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare [2012.09.07 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Wondershare [2012.09.07 23:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllMyTube [2012.09.07 23:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All My Tube [2012.09.07 23:10:57 | 000,000,000 | ---D | C] -- C:\rtmpdump ========== Files - Modified Within 30 Days ========== [2012.09.21 23:36:25 | 000,000,000 | ---- | M] () -- C:\Users\Felix\defogger_reenable [2012.09.21 23:35:26 | 000,001,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2012.09.21 23:15:15 | 000,280,571 | ---- | M] () -- C:\Users\Felix\Desktop\winUpdRestore!v28.exe [2012.09.21 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.21 22:47:26 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.21 22:47:26 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.21 22:44:24 | 001,622,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.21 22:44:24 | 000,700,080 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.21 22:44:24 | 000,654,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.21 22:44:24 | 000,149,996 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.21 22:44:24 | 000,122,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.21 22:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.21 22:39:27 | 3113,238,528 | -HS- | M] () -- C:\hiberfil.sys [2012.09.21 07:31:11 | 000,001,238 | ---- | M] () -- C:\Users\Felix\Desktop\Felix.lnk [2012.09.21 07:30:11 | 000,002,296 | ---- | M] () -- C:\Users\Felix\Desktop\Windows Mail.lnk [2012.09.21 07:29:24 | 000,001,573 | ---- | M] () -- C:\Users\Felix\Desktop\Skype.lnk [2012.09.21 07:29:14 | 000,001,761 | ---- | M] () -- C:\Users\Felix\Desktop\Microsoft Word.lnk [2012.09.21 07:28:59 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.09.20 16:26:27 | 000,005,632 | ---- | M] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.19 16:49:09 | 000,439,357 | ---- | M] () -- C:\Windows\SysWow64\20120215-3-1.jpg [2012.09.19 16:44:34 | 000,000,768 | ---- | M] () -- C:\Windows\ulead32.ini [2012.09.17 01:47:23 | 213,605,486 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.16 21:38:21 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit.INI [2012.09.16 20:35:54 | 000,001,022 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2012.09.08 22:51:14 | 000,333,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.08 00:29:40 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat [2012.08.26 18:52:07 | 000,001,087 | ---- | M] () -- C:\Users\Felix\Desktop\EVEREST.lnk [2012.08.26 18:46:19 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry DS.lnk [2012.08.25 15:56:04 | 000,000,669 | ---- | M] () -- C:\Users\Felix\.swfinfo [2012.08.25 00:06:05 | 000,002,036 | ---- | M] () -- C:\Users\Felix\Desktop\AntiVir Update.lnk ========== Files Created - No Company Name ========== [2012.09.21 23:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Felix\defogger_reenable [2012.09.21 23:15:15 | 000,280,571 | ---- | C] () -- C:\Users\Felix\Desktop\winUpdRestore!v28.exe [2012.09.19 16:49:09 | 000,439,357 | ---- | C] () -- C:\Windows\SysWow64\20120215-3-1.jpg [2012.09.16 20:35:54 | 000,001,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2012.09.09 10:09:55 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2012.09.08 00:29:40 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat [2012.07.01 23:09:01 | 000,005,632 | ---- | C] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.11 23:03:58 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.20 15:49:13 | 000,007,605 | ---- | C] () -- C:\Users\Felix\AppData\Local\Resmon.ResmonCfg [2011.11.21 15:11:27 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.02 23:08:48 | 000,000,216 | ---- | C] () -- C:\Windows\EurekaLog.ini [2011.09.17 15:39:22 | 000,000,000 | ---- | C] () -- C:\Windows\AutoRun.INI [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.23 22:48:40 | 000,000,669 | ---- | C] () -- C:\Users\Felix\.swfinfo [2011.07.16 15:10:07 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.07.13 02:32:51 | 000,000,768 | ---- | C] () -- C:\Windows\ulead32.ini [2011.06.23 14:58:01 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.23 14:58:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.23 14:58:01 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2011.06.23 14:57:57 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI [2011.06.20 18:32:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012.09.08 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\.minecraft [2012.09.21 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Audacity [2012.09.16 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\BatteryBar [2012.09.08 00:29:40 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DonationCoder [2012.03.17 01:20:56 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoft [2012.02.07 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.13 01:28:15 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\FileTypeChecker [2012.08.29 21:39:43 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\FileZilla [2012.05.06 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\GrabPro [2011.10.16 16:41:26 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\HDRsoft [2012.09.13 23:06:09 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\ICQ [2012.09.16 20:37:59 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Launchy [2012.09.20 16:23:09 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Mp3tag [2012.09.21 23:43:50 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\NetSpeedMonitor [2011.08.01 00:11:17 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Nokia [2011.06.20 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Opera [2012.09.21 23:37:04 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Orbit [2012.05.24 12:28:18 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\PC Suite [2011.07.07 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\ProgSense [2012.05.31 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Research In Motion [2012.05.14 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TeamViewer [2011.07.13 02:05:24 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Timerle [2011.07.22 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TomTom [2011.06.23 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TuneUp Software [2012.05.17 14:55:50 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\uTorrent [2012.09.09 15:53:27 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Vso [2012.09.07 23:31:03 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Wondershare [2012.05.02 00:44:27 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.09.2012 23:37:30 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = F:\Felix\Ablage
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 59,82% Memory free
5,86 Gb Paging File | 4,15 Gb Available in Paging File | 70,81% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096d:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 102,88 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 119,87 Gb Free Space | 80,43% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 147,20 Gb Free Space | 98,77% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 115,27 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
Computer Name: N5010 | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"My Lockbox_is1" = My Lockbox 2.6
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6547 Banner Remover 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28BEAB0A-065D-4D5A-8982-ABE08E0C1215}" = Dir-It!
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7C459192-BBB7-446C-9DC8-E502E02FEB51}_is1" = Timerle 1.04
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEA24B3-59BC-4C57-BD1C-4A261F269748}" = TASTstar 5.0 Demo
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"asmart10_is1" = Adenix S.M.A.R.T. Explorer 1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"Cartoonist_is1" = Cartoonist 1.3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FileZilla Client" = FileZilla Client 3.3.5.1
"FLV Player" = FLV Player 2.0 (build 25)
"Fly on Desktop Screensaver_is1" = Fly on Desktop Screensaver 1.2
"Free Studio_is1" = Free Studio version 5.3.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602
"Free Video to Nokia Phones Converter_is1" = Free Video to Nokia Phones Converter version 2.3.4.920
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"Launchy_21344213_is1" = Launchy 2.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mp3tag" = Mp3tag v2.52
"nfsBalls3DHD New Free Screensaver_is1" = NewFreeScreensaver nfsBalls3DHD
"nfsDigitalClock07 New Free Screensaver_is1" = NewFreeScreensaver nfsDigitalClock07
"nfsDigitalPaintClockWhite New Free Screensaver_is1" = NewFreeScreensaver nfsDigitalPaintClockWhite
"Opera 12.02.1578" = Opera 12.02
"Orbit_is1" = Orbit Downloader
"Rigs of Rods" = Rigs of Rods 0.36.2
"Samsung Printer Live Update" = Samsung Printer Live Update
"SpeedFan" = SpeedFan (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TuneUp Utilities" = TuneUp Utilities
"Universal Extractor_is1" = Universal Extractor 1.6
"Unlocker" = Unlocker 1.8.9
"URLSnooper 2_is1" = URL Snooper v2.30.01
"uTorrent" = µTorrent
"VSO Image Resizer_is1" = VSO Image Resizer 1.1.14
"WinPcapInst" = WinPcap 4.1.2
"Wondershare AllMyTube_is1" = Wondershare AllMyTube(Build 2.2.4.0)
"XnView_is1" = XnView 1.98.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.09.2012 17:06:44 | Computer Name = N5010 | Source = ESENT | ID = 455
Description = Windows (3704) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error - 13.09.2012 17:06:44 | Computer Name = N5010 | Source = Windows Search Service | ID = 9000
Description =
Error - 13.09.2012 17:06:44 | Computer Name = N5010 | Source = Windows Search Service | ID = 7040
Description =
Error - 13.09.2012 17:06:44 | Computer Name = N5010 | Source = Windows Search Service | ID = 7042
Description =
Error - 13.09.2012 17:06:44 | Computer Name = N5010 | Source = Windows Search Service | ID = 1006
Description =
Error - 16.09.2012 14:58:36 | Computer Name = N5010 | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1234 Startzeit: 01cd943d0f49bf1e Endzeit: 20 Anwendungspfad:
C:\Windows\system32\rundll32.exe Berichts-ID:
Error - 17.09.2012 18:06:19 | Computer Name = N5010 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel:
0x50499f93 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036a98 ID des fehlerhaften Prozesses:
0x920 Startzeit der fehlerhaften Anwendung: 0x01cd95209cbbc007 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Orbit Downloader\orbitdm.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e8052979-0113-11e2-a13a-1c659d5d4d1f
Error - 19.09.2012 14:24:42 | Computer Name = N5010 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel:
0x50499f93 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036a98 ID des fehlerhaften Prozesses:
0x9b0 Startzeit der fehlerhaften Anwendung: 0x01cd9693f93710b7 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Orbit Downloader\orbitdm.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 471e27fd-0287-11e2-b041-a710b1dcf968
Error - 21.09.2012 16:10:27 | Computer Name = N5010 | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 9.0.0.3822 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12bc Startzeit:
01cd983487fdd7b1 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Berichts-ID:
6029e49f-0428-11e2-b041-a710b1dcf968
Error - 21.09.2012 16:40:19 | Computer Name = N5010 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel:
0x50499f93 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036a98 ID des fehlerhaften Prozesses:
0x850 Startzeit der fehlerhaften Anwendung: 0x01cd983941ef470e Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Orbit Downloader\orbitdm.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 8e76aee3-042c-11e2-abe6-b836ccdcb06f
Error - 21.09.2012 17:44:07 | Computer Name = N5010 | Source = VSS | ID = 12310
Description =
[ System Events ]
Error - 18.04.2012 10:22:17 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:17 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:18 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:18 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:19 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:20 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:20 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:21 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 10:22:21 | Computer Name = N5010 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14
gefunden.
Error - 18.04.2012 12:06:58 | Computer Name = N5010 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
< End of report >
|
| Themen zu TR/Sirefef.16896 und TR/ATRAPS.Gen2 im Papierkorb-Verzeichnis (Win7 x64) |
| 5 minuten, 7-zip, antivir, avira, backdoor, entfernen, flash player, home, install.exe, nicht möglich, nodrives, ntdll.dll, plug-in, recycle.bin, registry, security, sketchup, software, updates, virtualbox, visual studio, windows, youtube downloader |
Baum-Darstellung