SLD.EXE: who or what is it? (Windows 7)
15.02.2010, 15:31 | #1

Hey community! I have had Win7 for a short while now, and I think I have already caught something. Avast Home finds nothing and Ad-Aware only deleted a few cookies. Still, every now and then an Sld.exe runs, churning away on my disk and doing something. Google did not help me much; something about Virus Melt and remover tools from dubious sources. I probably ought to just reinstall, but I am in the middle of exams and have no time for that. So what can be done? What is it? What do you need in order to find out?
Regards, Knutowskie
15.02.2010, 15:35 | #2

Hi,
have it checked: please have the following file checked online (Dateien Online überprüfen lassen):
Code:
SLD.EXE

Malwarebytes Anti-Malware (MAM), instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
If the download does not work, please get a generic version from here: http://filepony.de/download-chameleon/
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

chris
15.02.2010, 16:19 | #3

In the meantime I have located SLD.exe and simply deleted it. There were also an SLC and an SLB that had been created at the same time. All of it is in data nirvana now.
Oh, and it started with msa.exe. I had downloaded a "game" that was supposedly free, and when I ran the Setup.exe nothing happened, but the setup.exe was gone. Great, I thought. The next morning I had 20 IE windows with lovely ads open (the machine runs 24/7). So I looked into it and removed msa.exe. Poked around in msconfig to see what else starts: [Los Alamos] and Sld.exe... So regedit it was, and I flattened everything with those names. Sld.exe, as said above, I also deleted directly, not just the Run entry. Now I think I have removed everything. I will nevertheless start on your steps above right away. Here, in the meantime, a HijackThis logfile from just now.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:59, on 15.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\studnet\studnet.exe
C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities\HMCP3XCtl.exe
C:\Program Files (x86)\Folding@home\Folding@home-gpu\Folding@home.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Users\***\AppData\Roaming\Folding@home-gpu\FahCore_11.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [studNET-Autologin] C:\Windows\SysWOW64\studnet\studnet.exe /auto
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Center Agent] C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Folding@home_GPU.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities\HMCP3XCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\Folding@home-Win32-x86.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\SMP\smpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9690 bytes

The O23 entries are apparently normal, since it is Windows 7 x64...
Back in a bit!

Last edited by Knutowskie (15.02.2010, 16:30)
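A small triage helper for HijackThis O4 (autostart) and O23 (service) lines, added here as an example; it is not part of the thread or of HijackThis. It encodes two points from the discussion above: on Windows 7 x64 a 32-bit scanner has its view of System32 redirected to SysWOW64, so 64-bit-only service binaries are reported "(file missing)" without anything being wrong, whereas an autostart entry launched from a user-writable folder is the kind of entry worth a closer look. The sample lines are constructed; the sld.exe location in them is hypothetical, since the thread never says where the file was found.

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Hypothetical helper written for this example, not part of HijackThis or of the
thread. On Windows 7 x64 a 32-bit scanner sees the System32 folder redirected
to SysWOW64, so 64-bit-only services look "(file missing)" although nothing is
wrong; an autostart launched from a user-writable folder deserves a closer look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the log above. The sld.exe path is
# hypothetical: the thread never says where that file was found.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Sld] C:\Users\victim\AppData\Local\Temp\sld.exe
O4 - Startup: Folding@home_GPU.lnk = ?
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?P<rest>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Folders a standard user can write to; autostarts from here merit a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    kind: str              # "O4" or "O23"
    label: str             # entry name as printed in the log
    target: Optional[str]  # file the entry points to, if it could be parsed
    verdict: str           # standard | user-writable | unresolved |
                           # present | wow64-artifact | missing-file


def _target_from_o4(rest: str) -> Optional[str]:
    """Extract the launched file from the text after 'O4 - <location>: '."""
    m = re.match(r"^\[[^\]]*\]\s*(?P<cmd>.*)$", rest)
    cmd = (m.group("cmd") if m else rest.split(" = ", 1)[-1]).strip()
    if not cmd or cmd == "?":
        return None                      # HijackThis could not resolve it
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]  # quoted path, arguments follow
    tokens = cmd.split(" ")              # unquoted: path runs up to *.exe
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return cmd


def classify_o4(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    nm = re.match(r"^\[(?P<name>[^\]]*)\]", rest)
    label = nm.group("name") if nm else rest.split(" = ", 1)[0]
    target = _target_from_o4(rest)
    if target is None:
        verdict = "unresolved"
    elif any(tok in target.lower() for tok in USER_WRITABLE):
        verdict = "user-writable"
    else:
        verdict = "standard"
    return Finding("O4", label, target, verdict)


def classify_o23(line: str, x64_host: bool = True) -> Optional[Finding]:
    m = O23_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if not m.group("missing"):
        verdict = "present"
    elif x64_host and "\\system32\\" in path.lower():
        # 32-bit HijackThis on x64: System32 is redirected to SysWOW64, so a
        # 64-bit-only binary looks absent. Benign only under that condition.
        verdict = "wow64-artifact"
    else:
        verdict = "missing-file"
    return Finding("O23", m.group("name"), path, verdict)


def triage(lines: List[str], x64_host: bool = True) -> List[Finding]:
    out = []
    for line in lines:
        f = classify_o4(line) or classify_o23(line, x64_host)
        if f is not None:
            out.append(f)
    return out


def needs_review(lines: List[str], x64_host: bool = True) -> List[Finding]:
    """Entries the heuristics above cannot explain as benign."""
    flagged = {"user-writable", "unresolved", "missing-file"}
    return [f for f in triage(lines, x64_host) if f.verdict in flagged]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<5}{f.verdict:<15}{f.label:<45}{f.target}")
```

Run against a full log, only the `needs_review` output is left for a human to look at; the x64 redirection explanation is applied only when `x64_host` is true.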
15.02.2010, 16:28 | #4

So, MAM and OTL are running now. Time to sit back and wait.
15.02.2010, 16:30 | #5

Hi,
let MAM run, use OTL instead of HJT, and post the logs of each... Do you have a 64-bit system?
chris
15.02.2010, 16:33 | #6

Yes, 64-bit it is. Here is the OTL.txt:

Code:
OTL logfile created on: 15.02.2010 16:26:02 - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\%Username%\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 26,29 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 107,89 Gb Total Space | 13,77 Gb Free Space | 12,76% Space Free | Partition Type: NTFS
Drive E: | 76,17 Gb Total Space | 3,62 Gb Free Space | 4,75% Space Free | Partition Type: NTFS
Drive F: | 71,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3,84 Gb Total Space | 0,67 Gb Free Space | 17,53% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: KNATTERKASTEN
Current User Name: %Username%
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\%Username%\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\%Username%\AppData\Roaming\Folding@home-gpu\FahCore_11.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Folding@home\Folding@home-gpu\Folding@home.exe ()
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe ()
PRC - C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities\HMCP3XCtl.exe ()
PRC - C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\SMP\smpd.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\%Username%\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (mpich2_smpd) -- C:\SMP\smpd.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (CSC) -- C:\Windows\CSC [2010.01.05 01:23:27 | 000,000,000 | ---D | M]
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (DSDrv4AMD64) -- C:\PROGRA~2\DScaler\DSDRV4~2.SYS ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 B0 E0 A9 CC 93 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.06 21:14:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.20 19:02:04 | 000,000,000 | ---D | M]

[2010.01.05 02:50:34 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Extensions
[2010.02.15 06:45:33 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions
[2010.02.06 11:25:11 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.02.12 19:13:21 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (Extended Copy Menu) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{2E18002D-DF43-4c65-9FDA-40D02F066D9E}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.02.15 06:45:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.02.13 14:54:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010.01.05 02:52:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.01.19 19:20:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.29 21:50:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.12 19:13:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.12 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.05 02:52:23 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\FFClickOnce@softwarepunk.com
[2010.01.05 02:52:23 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\resizeabletextarea@bristol.ac.uk
[2010.02.15 06:45:06 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\validator@totalvalidator.com
[2010.02.15 06:45:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.06 01:14:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.12.02 09:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast!]
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [studNET-Autologin] C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home_GPU.lnk = C:\Users\%Username%\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files 
(x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.18.25.3 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.30 16:42:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.08.01 11:52:16 | 000,000,196 | ---- | M] () - H:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{6bbd4be2-f990-11de-90b0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6bbd4be2-f990-11de-90b0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\tools\shelexec.exe html\index.htm -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.02.15 16:25:15 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\%Username%\Desktop\OTL.exe [2010.02.15 16:23:44 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Malwarebytes [2010.02.15 16:23:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.02.15 16:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.02.15 16:23:39 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.02.15 16:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.02.15 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.02.15 15:10:43 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Thunderbird [2010.02.12 13:28:38 | 000,000,000 | 
---D | C] -- C:\ProgramData\Acronis [2010.02.12 13:27:23 | 000,251,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys [2010.02.12 13:27:21 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys [2010.02.12 13:27:19 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys [2010.02.12 13:27:14 | 000,257,120 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys [2010.02.12 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis [2010.02.12 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis [2010.02.10 11:00:33 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.02.10 11:00:33 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.02.10 11:00:33 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.02.10 11:00:32 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.02.10 11:00:32 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.02.10 11:00:32 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.02.10 11:00:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.02.10 11:00:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.02.10 11:00:32 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.02.10 11:00:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.02.10 11:00:32 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.02.10 11:00:32 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.02.10 11:00:32 | 000,121,856 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.02.10 11:00:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.02.10 11:00:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.02.10 11:00:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.02.10 10:59:59 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.02.10 10:59:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.02.10 10:59:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.02.10 10:59:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.02.10 10:59:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll [2010.02.10 10:59:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll [2010.02.10 10:59:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll [2010.02.10 10:59:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll [2010.02.10 10:59:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll [2010.02.08 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.02.08 12:49:11 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.02.08 12:49:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.02.08 12:48:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2010.02.08 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.02.08 12:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.02.07 18:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend [2010.02.07 18:10:25 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson USB [2010.02.07 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\HFM [2010.02.07 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\harlam357 [2010.02.07 16:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HFM.NET [2010.01.27 10:44:05 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.01.27 10:44:05 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.01.27 10:44:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.01.22 11:51:53 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.01.22 11:51:52 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.01.22 11:51:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.01.22 11:51:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.01.22 11:51:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.01.22 11:51:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.01.20 19:02:10 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.01.20 19:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.01.20 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.01.20 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.01.20 18:22:54 | 000,163,840 | ---- | C] (CyberLink) -- C:\Windows\SysNative\MpgMux.ax [2010.01.20 18:22:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dump.ax [2010.01.20 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elecard [2010.01.20 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\Elecard [2010.01.20 17:50:13 | 000,000,000 | ---D | C] -- C:\Users\%Username%\Documents\DVDVideoSoft [2010.01.20 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2010.01.20 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2010.01.19 12:10:24 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2010.01.19 12:10:24 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2010.01.19 12:10:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2010.01.19 12:10:22 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2010.01.19 12:10:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2010.01.19 12:10:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2010.01.19 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2010.01.18 03:49:48 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Foxit Software [2010.01.17 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\DScaler4 [2010.01.17 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DScaler [2010.01.17 22:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B} [2010.01.17 22:35:05 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Stardock [2010.01.17 22:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2010.01.17 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\PackageAware [2010.01.17 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dvrms editor [2010.01.17 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\Apps [2010.01.17 20:07:55 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\Deployment [2010.01.17 19:56:39 | 000,719,872 | ---- | C] (Abysmal 
Software) -- C:\Windows\SysWow64\devil.dll [2010.01.17 19:56:39 | 000,318,976 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2010.01.17 19:56:38 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2010.01.17 19:56:38 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2010.01.17 19:56:38 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.01.17 19:56:25 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2010.01.17 19:56:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2010.01.17 19:56:25 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2010.01.17 19:56:25 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2010.01.17 19:56:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2010.01.17 19:56:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2010.01.17 19:56:25 | 000,054,784 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLAPEDec.ax [2010.01.17 19:56:25 | 000,037,888 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLMPCDec.ax [2010.01.17 19:56:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2010.01.17 19:56:24 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2010.01.17 19:56:24 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2010.01.17 19:56:24 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2010.01.17 19:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft [2010.01.05 20:11:53 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll [2010.01.05 20:11:53 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll [2010.01.05 20:11:53 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll [2010.01.05 20:11:53 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll 
[2010.01.05 20:11:53 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll [2010.01.05 20:11:52 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll [2010.01.05 20:11:52 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll [2010.01.05 20:11:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll [2010.01.05 20:11:52 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll [2010.01.05 20:11:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll ========== Files - Modified Within 30 Days ========== [2010.02.15 16:28:24 | 002,097,152 | -HS- | M] () -- C:\Users\%Username%\NTUSER.DAT [2010.02.15 16:25:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\%Username%\Desktop\OTL.exe [2010.02.15 16:23:43 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.15 16:12:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.02.15 16:12:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.02.15 16:09:09 | 001,480,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.02.15 16:09:09 | 000,646,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.02.15 16:09:09 | 000,609,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.02.15 16:09:09 | 000,127,398 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.02.15 16:09:09 | 000,104,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware 
Update (Daily 2).job [2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2010.02.15 16:05:04 | 000,001,889 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2010.02.15 16:04:57 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.02.15 16:04:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.02.15 16:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.02.15 16:03:55 | 001,975,704 | -H-- | M] () -- C:\Users\%Username%\AppData\Local\IconCache.db [2010.02.15 15:33:33 | 000,002,097 | ---- | M] () -- C:\Users\%Username%\Desktop\HijackThis.lnk [2010.02.12 13:34:10 | 000,007,658 | ---- | M] () -- C:\Users\%Username%\AppData\Local\Resmon.ResmonCfg [2010.02.12 13:27:23 | 000,251,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys [2010.02.12 13:27:21 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys [2010.02.12 13:27:19 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys [2010.02.12 13:27:14 | 000,257,120 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys [2010.02.08 14:28:29 | 000,001,394 | ---- | M] () -- C:\Users\%Username%\Desktop\1NSANE Swissknife.exe.lnk [2010.02.08 12:49:00 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010.02.08 12:48:49 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.02.07 23:24:19 | 000,175,104 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll [2010.02.07 18:55:07 | 000,002,915 | ---- | M] () -- C:\Users\%Username%\Desktop\Clusterball Gold.lnk [2010.02.07 16:56:34 | 000,069,485 | ---- | M] () -- C:\Users\%Username%\Desktop\multimedia GK1__prüfungshilfe.pdf [2010.02.03 00:36:23 | 000,108,982 | ---- | M] () -- C:\Users\%Username%\Desktop\Spicker.pdf [2010.02.02 02:22:19 | 018,499,623 | ---- | M] () -- 
C:\Users\%Username%\Desktop\vlc-1.0.5-win32.exe [2010.02.01 22:40:40 | 000,506,606 | ---- | M] () -- C:\Users\%Username%\Desktop\Analysis I.docx [2010.01.29 14:44:06 | 000,808,881 | ---- | M] () -- C:\Users\%Username%\Desktop\screenie_HP_1.png [2010.01.25 21:03:38 | 000,027,943 | ---- | M] () -- C:\Users\%Username%\Desktop\test.exe [2010.01.23 18:12:49 | 000,006,406 | ---- | M] () -- C:\Users\%Username%\Desktop\UPN_Projekt.c [2010.01.22 16:35:06 | 000,213,014 | ---- | M] () -- C:\Users\%Username%\Desktop\auto.jpg [2010.01.21 21:32:02 | 000,423,424 | ---- | M] () -- C:\Windows\SysWow64\Folding@home-Win32-x86.exe [2010.01.20 18:28:03 | 000,000,517 | ---- | M] () -- C:\Users\%Username%\AppData\Roaming\WtvWatcher.settings [2010.01.20 17:56:11 | 000,020,710 | ---- | M] () -- C:\Users\%Username%\Desktop\VMFAH.png [2010.01.20 17:03:56 | 000,182,164 | ---- | M] () -- C:\Users\%Username%\Desktop\screenie_HP.png [2010.01.20 15:53:47 | 000,000,941 | ---- | M] () -- C:\Users\%Username%\Desktop\hit70s.pls [2010.01.19 12:16:32 | 000,075,331 | ---- | M] () -- C:\Users\%Username%\Desktop\eBanking Private Edition - Einkommensnachweis.pdf [2010.01.19 10:05:57 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.01.19 10:05:57 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.01.19 10:00:44 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.01.19 10:00:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.01.19 10:00:37 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.01.19 10:00:37 | 000,306,688 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\RMActivate_ssp.exe [2010.01.19 00:29:31 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.01.19 00:29:30 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.01.19 00:28:33 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.01.19 00:28:33 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.01.19 00:28:30 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.01.19 00:28:30 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.01.17 23:02:43 | 000,003,584 | ---- | M] () -- C:\Users\%Username%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.17 23:02:28 | 011,642,880 | ---- | M] () -- C:\Users\%Username%\Documents\TV Antenna 34_TV_20100117_230204.mpg ========== Files Created - No Company Name ========== [2010.02.15 16:23:43 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.15 15:33:33 | 000,002,097 | ---- | C] () -- C:\Users\%Username%\Desktop\HijackThis.lnk [2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2010.02.12 13:30:53 | 000,001,889 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2010.02.08 14:28:05 | 000,001,394 | ---- | C] () -- C:\Users\%Username%\Desktop\1NSANE Swissknife.exe.lnk [2010.02.08 13:26:17 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010.02.07 23:24:24 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.02.07 23:24:19 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll [2010.02.07 18:55:07 | 000,002,915 | ---- | C] () -- C:\Users\%Username%\Desktop\Clusterball Gold.lnk [2010.02.07 16:56:33 | 000,069,485 | ---- | C] () -- C:\Users\%Username%\Desktop\multimedia GK1__prüfungshilfe.pdf [2010.02.03 00:32:43 | 000,108,982 | ---- | C] () -- C:\Users\%Username%\Desktop\Spicker.pdf [2010.02.02 02:22:00 | 018,499,623 | ---- | C] () -- C:\Users\%Username%\Desktop\vlc-1.0.5-win32.exe [2010.02.01 22:39:24 | 000,506,606 | ---- | C] () -- C:\Users\%Username%\Desktop\Analysis I.docx [2010.01.29 14:44:02 | 000,808,881 | ---- | C] () -- C:\Users\%Username%\Desktop\screenie_HP_1.png [2010.01.25 21:03:26 | 000,027,943 | ---- | C] () -- C:\Users\%Username%\Desktop\test.exe [2010.01.23 18:12:49 | 000,006,406 | ---- | C] () -- C:\Users\%Username%\Desktop\UPN_Projekt.c [2010.01.22 16:34:30 | 000,213,014 | ---- | C] () -- C:\Users\%Username%\Desktop\auto.jpg [2010.01.21 11:31:05 | 000,005,352 | ---- | C] () -- C:\Users\%Username%\Desktop\Kub_rkoch.java [2010.01.20 17:56:10 | 000,020,710 | ---- | C] () -- C:\Users\%Username%\Desktop\VMFAH.png [2010.01.20 17:03:56 | 000,182,164 | ---- | C] () -- C:\Users\%Username%\Desktop\screenie_HP.png [2010.01.20 15:53:46 | 000,000,941 | ---- | C] () -- C:\Users\%Username%\Desktop\hit70s.pls [2010.01.19 12:16:31 | 000,075,331 | ---- | C] () -- C:\Users\%Username%\Desktop\eBanking Private Edition - Einkommensnachweis.pdf [2010.01.19 12:10:24 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010.01.17 23:02:43 | 000,003,584 | ---- | C] () -- 
C:\Users\%Username%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.17 23:02:05 | 011,642,880 | ---- | C] () -- C:\Users\%Username%\Documents\TV Antenna 34_TV_20100117_230204.mpg [2010.01.17 20:08:25 | 000,000,517 | ---- | C] () -- C:\Users\%Username%\AppData\Roaming\WtvWatcher.settings [2010.01.17 19:56:38 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.01.17 19:56:25 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2010.01.17 19:56:24 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2010.01.17 19:56:24 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2010.01.17 19:56:24 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2010.01.15 14:20:30 | 000,001,267 | ---- | C] () -- C:\Windows\TVP3XDrv.ini [2010.01.06 02:44:21 | 000,007,658 | ---- | C] () -- C:\Users\%Username%\AppData\Local\Resmon.ResmonCfg [2010.01.05 20:11:53 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll [2010.01.05 20:11:53 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll [2010.01.05 18:51:05 | 000,032,345 | ---- | C] () -- C:\Windows\unvpeye.ini [2010.01.05 05:19:19 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll [2010.01.05 05:19:19 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll [2010.01.05 05:19:19 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll [2010.01.05 05:19:19 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll [2010.01.05 03:30:38 | 000,000,246 | ---- | C] () -- C:\Windows\aimpr.ini [2010.01.05 03:06:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.01.05 01:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] 
() -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.23 15:49:06 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.14 09:46:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll [2007.10.02 10:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll [2002.05.28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll [2001.06.24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > |
15.02.2010, 16:36 | #7
The Extras.txt:
OTL Extras logfile created on: 15.02.2010 16:26:02 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\%Username%\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 26,29 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 107,89 Gb Total Space | 13,77 Gb Free Space | 12,76% Space Free | Partition Type: NTFS
Drive E: | 76,17 Gb Total Space | 3,62 Gb Free Space | 4,75% Space Free | Partition Type: NTFS
Drive F: | 71,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3,84 Gb Total Space | 0,67 Gb Free Space | 17,53% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: KNATTERKASTEN
Current User Name: %Username%
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "UacDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2 "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Lexmark 2600 Series" = Lexmark 2600 Series "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{1A7C2340-D1AC-4742-BCFF-1EA6CADFDC8B}" = Microsoft Windows Debugging Symbols "{1F55C9E0-27B1-475D-B4B1-A4A6E1F05552}_is1" = QIP 2005 psYNovA-Edition "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = 
Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17 "{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = MSI TV@nywhere Pro Utilities "{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}" = Folding@home-gpu "{5410E13A-C394-4C33-835E-597D66E28F56}" = Clusterball Gold "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home "{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86 "{74DAA2E2-A7DB-4CA3-8F99-62EB23BA3377}" = TV@nywhere Pro Teletext "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@ "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A30EE8A6-6B9F-4973-B5ED-2A60B40576E4}_is1" = StudNET Login Client "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E295268C-8B17-4D66-8DFE-7CE7C346F9F5}" = HFM.NET 0.4.8.121 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "7-Zip" = 7-Zip 4.65 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast!" = avast! Antivirus "CCleaner" = CCleaner "Clusterball®_is1" = Clusterball® 1.300 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DScaler 4 Test Version_is1" = DScaler 4 Test Version "Elecard XMuxer SRD 1.1.80723 Eval" = Elecard XMuxer SRD Eval "FahMon" = FahMon - Folding@home client monitoring software "Fences" = Fences "Folding@Home Windows SMP Client" = Folding@Home Windows SMP Client "foobar2000" = foobar2000 v0.9.6.3 "Foxit Reader" = Foxit Reader "Free Studio_is1" = Free Studio version 4.2 "HijackThis" = HijackThis 2.0.2 "HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5 "InstallShield_{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@ "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Orbit_is1" = Orbit Downloader "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0 "RocketDock_is1" = RocketDock 1.3.5 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "TeamViewer 5" = TeamViewer 5 "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "TVP3XDrv" = MSI TV@nywhere Plus BDA Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.7 "VLC media player" = VLC media player 1.0.5 "VMware_Player" = VMware Player ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced IM Password Recovery" = Advanced IM Password Recovery (remove only) "c410f8b870fca0a8" = WtvWatcher "CodeBlocks" = CodeBlocks ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.01.2010 12:26:33 | Computer Name = Knatterkasten | Source = 
Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b2334 Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b2334 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000019a5 ID des fehlerhaften Prozesses: 0xc2c Startzeit der fehlerhaften Anwendung: 0x01ca9c48d170c62b Pfad der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Pfad des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Berichtskennung: 111ad76e-083c-11df-96e0-000cbf0132ae Error - 23.01.2010 12:49:53 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b28a5 Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b28a5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001521 ID des fehlerhaften Prozesses: 0x1160 Startzeit der fehlerhaften Anwendung: 0x01ca9c4c1237be84 Pfad der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Pfad des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Berichtskennung: 539319f8-083f-11df-96e0-000cbf0132ae Error - 23.01.2010 12:58:35 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b2aad Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version: 0.0.0.0, Zeitstempel: 0x4b5b2aad Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000193e ID des fehlerhaften Prozesses: 0x131c Startzeit der fehlerhaften Anwendung: 0x01ca9c4d4b0877c0 Pfad der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Pfad des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe Berichtskennung: 8ab6dd3f-0840-11df-96e0-000cbf0132ae 
Error - 26.01.2010 21:29:26 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3642, Zeitstempel: 0x4b302c34 Name des fehlerhaften Moduls: GrabXpcom.dll, Version: 0.0.0.0, Zeitstempel: 0x4b4c1bac Ausnahmecode: 0x80000003 Fehleroffset: 0x000173c3 ID des fehlerhaften Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0x01ca9eb2d723f6b2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll Berichtskennung: 67ad8b2c-0ae3-11df-97e0-005056c00008 Error - 08.02.2010 07:48:34 | Computer Name = Knatterkasten | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 11.02.2010 17:06:30 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3642, Zeitstempel: 0x4b302c34 Name des fehlerhaften Moduls: GrabXpcom.dll, Version: 0.0.0.0, Zeitstempel: 0x4b7278e2 Ausnahmecode: 0x80000003 Fehleroffset: 0x000173c3 ID des fehlerhaften Prozesses: 0x91c Startzeit der fehlerhaften Anwendung: 0x01caab5df5d8ba0e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll Berichtskennung: 53137754-1751-11df-b67f-000cbf0132ae Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . 
Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>. Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>. Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . [ System Events ] Error - 12.02.2010 18:46:17 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdnCATSCustConnectService erreicht. 
Error - 12.02.2010 18:46:17 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.02.2010 10:46:54 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Folding@home-CPU-[1]" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.02.2010 10:46:55 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdnCATSCustConnectService erreicht. Error - 15.02.2010 10:46:55 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.02.2010 10:59:54 | Computer Name = Knatterkasten | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 15.02.2010 10:59:54 | Computer Name = Knatterkasten | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Folding@home-CPU-[1]" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdnCATSCustConnectService erreicht. 
Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
15.02.2010, 16:47 | #8
Hi, please check the following files: have the files checked online:
Code:
C:\Users\%Username%\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe
C:\Windows\SysWow64\devil.dll
C:\Windows\SysWow64\sshnas21.dll
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job <- take a look inside this one!
Is your DHCP server correct like this? O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.18.25.3 Let's see what MAM has to say about it... chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
15.02.2010, 16:57 | #9
The DHCP is correct. MAM says:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3741
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
15.02.2010 16:54:54
mbam-log-2010-02-15 (16-54-54).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 252445
Laufzeit: 27 minute(s), 5 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\Windows\System32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Windows\System32\system32\PhilipsAnalog_TXT.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\system32\PhilipsDVB_TXT.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
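A small triage helper for the OTL file-list entries posted earlier in this thread, added here as an example; it is not code from OTL, Malwarebytes or any poster. Its heuristics only encode the leads the thread itself turned up (the nested System32\system32 folder, the .job under Windows\Tasks, hidden files in SysWow64, the .exe in the Installer cache), and the timestamps and sizes of the constructed sample lines are made up.

```python
"""Triage helper for OTL-style file-list entries (added example, not part of OTL)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL "Files Created" entry has the shape
#   [YYYY.MM.DD HH:MM:SS | 000,051,712 | RHS- | C] (Company) -- C:\path\file
# where the attribute field holds R(ead-only) H(idden) S(ystem) D(irectory) or '-'.
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    op: str          # C = created, M = modified
    company: str
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one entry; return None for lines that are not file entries (section headers etc.)."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage_reasons(entry: OtlEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look. These are leads, not verdicts."""
    p = entry.path.lower()
    reasons: List[str] = []
    # A folder literally named "system32" inside System32 does not exist on a clean
    # install; MBAM flagged one in this thread, but the helper noted that the TV-card
    # files inside it could be a false positive, so this stays a lead only.
    if "\\system32\\system32\\" in p:
        reasons.append("nested System32\\system32 directory")
    # .job files under Windows\Tasks are scheduled-task persistence; the {GUID}.job
    # from the thread was later detected as Trojan.Downloader.
    if "\\windows\\tasks\\" in p and p.endswith(".job"):
        reasons.append("scheduled task .job file in Windows\\Tasks")
    # Recently created hidden+system files in a system directory without a company
    # name are worth a hash lookup (codec packs do this too, hence only a lead).
    in_sysdir = "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p
    if in_sysdir and entry.hidden_system and not entry.company:
        reasons.append("hidden+system file in a system directory without company name")
    # Executables inside the per-user Installer cache are unusual and were the first
    # thing the helper asked to have checked online.
    if "\\appdata\\roaming\\microsoft\\installer\\" in p and p.endswith(".exe"):
        reasons.append("executable inside AppData Installer cache")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; entries without reasons are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_entry(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample: the first two lines are copied from the thread's OTL log; the
# other three reuse paths named in the thread with made-up timestamps and sizes.
SAMPLE_LOG = r"""
[2010.01.17 19:56:25 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2010.02.10 12:00:00 | 000,001,024 | ---- | C] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.02.10 12:00:01 | 000,098,477 | ---- | C] () -- C:\Users\%Username%\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe
[2010.02.10 12:00:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\system32\PhilipsAnalog_TXT.ax
========== Alternate Data Streams ==========
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Paste a full OTL file list into SAMPLE_LOG (or read it from a file) to get the same short list of leads; the benign BWContextHandler.dll entry is deliberately left unflagged to show the heuristics are selective.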
15.02.2010, 17:05 | #10
Hi, these could be a false positive: C:\Windows\System32\system32\PhilipsAnalog_TXT.ax and C:\Windows\System32\system32\PhilipsDVB_TXT.ax, if you have a TV card... Otherwise it already looks quite good )... There won't be a rootkit involved, there is (as yet) none for 64-bit, but it's only a matter of time... Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, roughly 5MB of text or more. Just use the search for "infiziert" and copy out the relevant parts before you post them. chris
15.02.2010, 17:05 | #11
| SLD.EXE Wer oder was ist das? File _41346D1BD9E98636678C85.exe received on 2010.02.15 16:00:15 (UTC) Result: 0/41 (0%) Antivirus Version Last Update Result a-squared 4.5.0.50 2010.02.15 - AhnLab-V3 5.0.0.2 2010.02.15 - AntiVir 7.9.1.170 2010.02.15 - Antiy-AVL 2.0.3.7 2010.02.15 - Authentium 5.2.0.5 2010.02.15 - Avast 4.8.1351.0 2010.02.15 - AVG 9.0.0.730 2010.02.15 - BitDefender 7.2 2010.02.15 - CAT-QuickHeal 10.00 2010.02.15 - ClamAV 0.96.0.0-git 2010.02.15 - Comodo 3945 2010.02.15 - DrWeb 5.0.1.12222 2010.02.15 - eSafe 7.0.17.0 2010.02.15 - eTrust-Vet 35.2.7303 2010.02.15 - F-Prot 4.5.1.85 2010.02.15 - F-Secure 9.0.15370.0 2010.02.15 - Fortinet 4.0.14.0 2010.02.15 - GData 19 2010.02.15 - Ikarus T3.1.1.80.0 2010.02.15 - Jiangmin 13.0.900 2010.02.15 - K7AntiVirus 7.10.972 2010.02.12 - Kaspersky 7.0.0.125 2010.02.15 - McAfee 5892 2010.02.14 - McAfee+Artemis 5892 2010.02.14 - McAfee-GW-Edition 6.8.5 2010.02.15 - Microsoft 1.5406 2010.02.15 - NOD32 4868 2010.02.15 - Norman 6.04.08 2010.02.15 - nProtect 2009.1.8.0 2010.02.15 - Panda 10.0.2.2 2010.02.14 - PCTools 7.0.3.5 2010.02.15 - Prevx 3.0 2010.02.15 - Rising 22.34.01.03 2010.02.11 - Sophos 4.50.0 2010.02.15 - Sunbelt 5678 2010.02.15 - Symantec 20091.2.0.41 2010.02.15 - TheHacker 6.5.1.4.194 2010.02.15 - TrendMicro 9.120.0.1004 2010.02.15 - VBA32 3.12.12.2 2010.02.15 - ViRobot 2010.2.13.2186 2010.02.13 - VirusBuster 5.0.21.0 2010.02.15 - Additional information File size: 98477 bytes MD5...: 394157fb315e5186a3ef07f1c99b364e SHA1..: cf5eeddd7f36cabfde2076dfc1071ca9e7f03841 SHA256: 60bca16b6e1c127bff1850fe5e15d651b18b87588fdf82e635752fd09ce1ff89 ssdeep: 3072:FnOW5rIiSTtrfIkGxyHMHdimlS2IPujcj6:W9Ikx85w28c1 PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: MPEG Video (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
15.02.2010, 17:09 | #12
| SLD.EXE Wer oder was ist das? File devil.dll received on 2010.02.15 16:06:53 (UTC) Result: 0/40 (0%) Antivirus Version Last Update Result a-squared 4.5.0.50 2010.02.15 - AhnLab-V3 5.0.0.2 2010.02.15 - AntiVir 7.9.1.170 2010.02.15 - Antiy-AVL 2.0.3.7 2010.02.15 - Authentium 5.2.0.5 2010.02.15 - Avast 4.8.1351.0 2010.02.15 - AVG 9.0.0.730 2010.02.15 - BitDefender 7.2 2010.02.15 - CAT-QuickHeal 10.00 2010.02.15 - ClamAV 0.96.0.0-git 2010.02.15 - Comodo 3945 2010.02.15 - DrWeb 5.0.1.12222 2010.02.15 - eSafe 7.0.17.0 2010.02.15 - eTrust-Vet 35.2.7303 2010.02.15 - F-Prot 4.5.1.85 2010.02.15 - F-Secure 9.0.15370.0 2010.02.15 - Fortinet 4.0.14.0 2010.02.15 - GData 19 2010.02.15 - Ikarus T3.1.1.80.0 2010.02.15 - Jiangmin 13.0.900 2010.02.15 - K7AntiVirus 7.10.972 2010.02.12 - Kaspersky 7.0.0.125 2010.02.15 - McAfee 5892 2010.02.14 - McAfee+Artemis 5892 2010.02.14 - McAfee-GW-Edition 6.8.5 2010.02.15 - Microsoft 1.5406 2010.02.15 - NOD32 4868 2010.02.15 - Norman 6.04.08 2010.02.15 - nProtect 2009.1.8.0 2010.02.15 - Panda 10.0.2.2 2010.02.14 - PCTools 7.0.3.5 2010.02.15 - Rising 22.34.01.03 2010.02.11 - Sophos 4.50.0 2010.02.15 - Sunbelt 5678 2010.02.15 - Symantec 20091.2.0.41 2010.02.15 - TheHacker 6.5.1.4.194 2010.02.15 - TrendMicro 9.120.0.1004 2010.02.15 - VBA32 3.12.12.2 2010.02.15 - ViRobot 2010.2.13.2186 2010.02.13 - VirusBuster 5.0.21.0 2010.02.15 - Additional information File size: 719872 bytes MD5...: d27959321703b70120025a9356e89a7d SHA1..: f1252382feb6a31a384a840e41e623b72bb3d000 SHA256: 38aed5589e8da0a3b123e754b0c839818627f4fd178df31b556cbb304caefc28 ssdeep: 12288:WI2QVF9rRtYszwn+nZDNMONWvTY6m7fikJ:WIpF9rRtzwn+nZDNMsXfi PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x7851b timedatestamp.....: 0x4038336a (Sun Feb 22 04:43:22 2004) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x80852 0x80a00 6.69 f711d9f2461c7dbc9ccc0e4b989a8c26 .rdata 0x82000 0x1cc9f 0x1ce00 3.01 
ef259c4d5932dc94747e3b08c1e9cff2 .data 0x9f000 0xbfcf0 0xb200 5.54 94430492c09d8b57315901ed71d6fbde .rsrc 0x15f000 0x1888 0x1a00 1.85 b3e5ac232ee91006bddcf121cd9b838f .reloc 0x161000 0x52a0 0x5400 6.01 8d3f2fb04a247d8f0e7ce22d1c176357 ( 3 imports ) > MSVCRT.dll: fgetc, fread, fseek, ftell, fclose, fputc, fwrite, vsprintf, fprintf, _setjmp3, longjmp, strncmp, atoi, _pctype, __mb_cur_max, _isctype, fputs, _vsnprintf, sprintf, strftime, localtime, _tzset, time, strtol, exit, _ftol, fopen, sscanf, getenv, qsort, _CIpow, memcpy, memset, calloc, malloc, fabs, pow, strlen, strcpy, fflush, strtod, floor, realloc, vfprintf, rand, __dllonexit, _onexit, _initterm, _adjust_fdiv, abs, free, strncpy, _iob, memcmp, _fstat, _close, _strnicmp, _stricmp, _read, _write, _lseek, ldexp, frexp, _open, _unlink, _swab, printf > KERNEL32.dll: FatalAppExitA, GetSystemTime > USER32.dll: MessageBoxA ( 119 exports ) _icalloc@8, iBindImageTemp, iConvertImage, iConvertPal, iCopyPal, iGetFlipped, ialloc, ifree, ilActiveImage, ilActiveLayer, ilActiveMipmap, ilApplyPal, ilApplyProfile, ilBindImage, ilBlit, ilClearColour, ilClearImage, ilClearImage_, ilCloneCurImage, ilCloseImage, ilClosePal, ilCompressFunc, ilConvertBuffer, ilConvertImage, ilConvertPal, ilCopyImage, ilCopyImageAttr, ilCopyImage_, ilCopyPixels, ilCreateSubImage, ilDefaultImage, ilDeleteImages, ilDisable, ilEnable, ilFormatFunc, ilGenImages, ilGetAlpha, ilGetBoolean, ilGetBooleanv, ilGetBppFormat, ilGetBppPal, ilGetBppType, ilGetClear, ilGetCurImage, ilGetCurName, ilGetDXTCData, ilGetData, ilGetError, ilGetInteger, ilGetIntegerv, ilGetLumpPos, ilGetPalBaseType, ilGetPalette, ilGetString, ilGetTypeBpc, ilHint, ilInit, ilIsDisabled, ilIsEnabled, ilIsImage, ilIsValid, ilIsValidF, ilIsValidL, ilIsValidPal, ilKeyColour, ilLoad, ilLoadData, ilLoadDataF, ilLoadDataL, ilLoadF, ilLoadFromJpegStruct, ilLoadImage, ilLoadL, ilLoadPal, ilNewImage, ilNextPower2, ilOriginFunc, ilOverlayImage, ilPopAttrib, ilPushAttrib, ilRegisterFormat, 
ilRegisterLoad, ilRegisterMipNum, ilRegisterNumImages, ilRegisterOrigin, ilRegisterPal, ilRegisterSave, ilRegisterType, ilRemoveLoad, ilRemoveSave, ilReplaceCurImage, ilResetMemory, ilResetRead, ilResetWrite, ilResizeImage, ilSave, ilSaveData, ilSaveF, ilSaveFromJpegStruct, ilSaveImage, ilSaveL, ilSavePal, ilSetCurImage, ilSetData, ilSetDuration, ilSetError, ilSetInteger, ilSetMemory, ilSetPal, ilSetPixels, ilSetRead, ilSetString, ilSetWrite, ilShutDown, ilTexImage, ilTexImage_, ilTexSubImage_, ilTypeFromExt, ilTypeFunc RDS...: NSRL Reference Data Set - pdfid.: - trid..: Windows Screen Saver (39.4%) Win32 Executable Generic (25.6%) Win32 Dynamic Link Library (generic) (22.8%) Generic Win/DOS Executable (6.0%) DOS Executable Generic (6.0%) sigcheck: publisher....: Abysmal Software copyright....: Copyright (c) 2000-2002 product......: Developer_s Image Library (DevIL) description..: DevIL: A portable image library in development original name: DevIL.dll internal name: Developer_s Image Library (DevIL) file version.: 1.6.6 comments.....: DevIL: A portable image library in development signers......: - signing date.: - verified.....: Unsigned |
15.02.2010, 17:11 | #13
I do have a TV card... C:\Windows\SysWow64\sshnas21.dll no longer exists, since it was deleted... CureIt is downloading right now. Then I have to go into safe mode. See you later. EDIT: CureIt found nothing! Can I live safely for the next week for now? I'll definitely do a reinstall afterwards. But until then I have no time, because of exams and so on. But thanks a lot for now! Last edited by Knutowskie (15.02.2010 at 17:45)
16.02.2010, 07:49 | #14
Hi, as long as you don't do any online banking, it should be fine until the reinstall. chris