Log analysis and evaluation: Laptop suddenly slow
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.03.2010, 18:15 | #1 |
| Laptop suddenly slow
Hello,
I bought a laptop about 2 months ago, and for about a week I have had problems playing games. Before that everything ran smoothly, but now gaming is no longer possible. My laptop has the following specifications:
CPU: Pent. T4400 Dual Core 2x 2,2ghz
VGA: Nvidia Geforce GT 220M, Vram: 1GB
Memory: 4GB
Display: 17,3 HD+
OS: Windows 7 Premium
So far I have already run a spyware, virus and malware check, but could not find anything. Google has not been able to help me so far either, and closing unimportant programs in Task Manager does not fix the problem. Defragmentation etc. did not help either. However, I did notice one peculiarity. Since my laptop became so slow, Internet Explorer occasionally opens by itself without me doing anything. I have now created a Hijack log and hope that someone can help me with my problem.
The log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:21, on 27.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\Desktop\SoftonicDownloader34177.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (url) [asus.msn.com]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = (url) [go.microsoft.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (url) [www.crossfire.nu]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (url) [go.microsoft.com]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (url) [go.microsoft.com]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (url) [go.microsoft.com]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (url) [go.microsoft.com]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [qlnis] "c:\users\deniz\appdata\local\qlnis.exe" qlnis
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10493 bytes
If I did something wrong when creating this thread, I ask for your understanding. I will then try to correct it.
Regards, deniz |
29.03.2010, 07:27 | #2 |
| Laptop suddenly slow
Hi,
Please check the following files:
Have files checked online:
Code:
c:\users\deniz\appdata\local\qlnis.exe
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version here: http://filepony.de/download-chameleon/
Afterwards please update the signature files ("Update" tab -> "Check for updates").
Run a full scan and have everything cleaned! Post the log.
OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.
chris
__________________ |
29.03.2010, 11:27 | #3 |
| Laptop suddenly slow
RazZaH
Download the antivirus Avast! 4.8 (you can google it). After the download, install it. After the installation, disable the internet connection on your laptop. Let Avast! scan everything. Simply delete the malware it finds. From my own experience I would guess that you have caught a RAT. I cannot confirm that.
Kind regards, Hacki1942.. |
29.03.2010, 16:54 | #4 |
| Laptop suddenly slow
I ran the online scan on VirusTotal and got the following result:
Code:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.29 -
AntiVir 7.10.5.247 2010.03.29 -
Antiy-AVL 2.0.3.7 2010.03.29 -
Authentium 5.2.0.5 2010.03.29 -
Avast 4.8.1351.0 2010.03.29 -
Avast5 5.0.332.0 2010.03.29 -
AVG 9.0.0.787 2010.03.29 -
BitDefender 7.2 2010.03.29 Gen:Heur.NaviPromo.3
CAT-QuickHeal 10.00 2010.03.29 Win32.Trojan.Hrup.aah.4
ClamAV 0.96.0.0-git 2010.03.29 -
Comodo 4427 2010.03.29 -
DrWeb 5.0.2.03220 2010.03.29 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7394 2010.03.29 -
F-Prot 4.5.1.85 2010.03.29 -
F-Secure 9.0.15370.0 2010.03.29 Gen:Heur.NaviPromo.3
Fortinet 4.0.14.0 2010.03.29 -
GData 19 2010.03.29 Gen:Heur.NaviPromo.3
Ikarus T3.1.1.80.0 2010.03.29 -
Jiangmin 13.0.900 2010.03.29 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.29 -
McAfee 5934 2010.03.28 -
McAfee+Artemis 5934 2010.03.28 -
Microsoft 1.5605 2010.03.29 -
NOD32 4982 2010.03.29 a variant of Win32/Skintrim.GY
Norman 6.04.10 2010.03.29 W32/Skintrim.DVYD
nProtect 2009.1.8.0 2010.03.29 -
Panda 10.0.2.2 2010.03.28 -
PCTools 7.0.3.5 2010.03.29 -
Rising 22.41.00.04 2010.03.29 -
Sophos 4.52.0 2010.03.29 -
Sunbelt 6112 2010.03.29 -
Symantec 20091.2.0.41 2010.03.29 Suspicious.Insight
TheHacker 6.5.2.0.247 2010.03.29 -
TrendMicro 9.120.0.1004 2010.03.29 -
VBA32 3.12.12.2 2010.03.29 -
ViRobot 2010.3.29.2250 2010.03.29 -
VirusBuster 5.0.27.0 2010.03.29 -
weitere Informationen
File size: 356352 bytes
MD5...: ae16a12cfcb0a9b47cad48fc8d4d94b9
SHA1..: 4a4135564396906df34028bcf508253eee4120c2
SHA256: c52471d64fa71c3b0d7bda382ec678e9135d7cf810a798625d6d540d19743cee
ssdeep: 6144:gL6kHBBIDLY9EzEcJPnK6gFj0YYLbDkUobKekXsSeMhfB2vXOI0UInkB8v: K62TEzEI/MSvDkmuvX9Ij
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1800
timedatestamp.....: 0x44b51f34 (Wed Jul 12 16:11:32 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1290 0x2000 4.35 6d29c5b05ea1f1285156cb8eef76bcbd
.rdata 0x3000 0x2c52 0x3000 6.18 538100318b5a6f5478e71fcc5ade0e17
.data 0x6000 0x4f7b5 0x50000 6.40 bf648252f6cc212fadbfaf5698885b88
.rsrc 0x56000 0xde8 0x1000 2.96 50ad4c1b94892126ee35ab11ead1e6da
( 6 imports )
> KERNEL32.dll: SetFilePointer, TlsFree, MapViewOfFile, CompareStringA, RaiseException, GetCurrentThread, InterlockedCompareExchange, GetCommandLineA, HeapSize, GetCPInfo, GetCommandLineW, LockResource, GetCurrentProcessId, GetEnvironmentStrings, lstrlenW, GlobalAlloc, GlobalUnlock, GetEnvironmentStringsW, FindNextFileW, LCMapStringA, FindResourceW, GlobalFree, lstrlenA, HeapCreate, LCMapStringW, LoadLibraryExW, GetLastError, LeaveCriticalSection, ExitProcess, TlsSetValue, GetFileType, CreateEventA, CreateFileW, GetTimeZoneInformation, GlobalLock, WaitForMultipleObjects, DuplicateHandle, FindNextFileA, ResetEvent, FindFirstFileA, CompareStringW, GetProcessHeap, GetSystemInfo, GetProcAddress, GetWindowsDirectoryA, DeleteFileA, CreateDirectoryA, GetFileSize, GetStartupInfoA, LoadLibraryA, GetVersionExA, VirtualProtect, TlsAlloc, GetTickCount, QueryPerformanceCounter, FreeLibrary, GetVersionExW, LoadLibraryW, SetHandleCount, EnterCriticalSection, HeapFree, WriteConsoleW, InterlockedIncrement, ReadFile, SetEndOfFile, CreateEventW, GetConsoleMode, VirtualQuery, WriteConsoleA, TerminateProcess, SetEnvironmentVariableA, GetSystemDirectoryA, MulDiv, GetCurrentProcess, SetUnhandledExceptionFilter, CreateThread, GetModuleHandleA, GetLocalTime, MultiByteToWideChar, UnhandledExceptionFilter, LoadLibraryExA, lstrcmpiW, GetModuleFileNameA, FlushFileBuffers, HeapAlloc, IsDebuggerPresent, GetModuleFileNameW, GetEnvironmentVariableA, GetSystemTime, SetLastError, FormatMessageA, InterlockedDecrement, FindClose, LoadResource, InitializeCriticalSection, FormatMessageW, LocalFree, SetEvent, SetFileAttributesA, GetStringTypeW, HeapReAlloc, GetSystemTimeAsFileTime, WriteFile, InterlockedExchange, GetStringTypeA, WideCharToMultiByte, GetTempPathA, SetStdHandle, FreeEnvironmentStringsW, SetErrorMode, CreateFileA, LocalAlloc, GetLocaleInfoA, GetCurrentDirectoryA, GetDiskFreeSpaceA, DeleteCriticalSection, FreeEnvironmentStringsA, GetFileAttributesW, HeapDestroy, FindFirstFileW, GetDriveTypeA, WaitForSingleObject, GetFileAttributesA, FileTimeToSystemTime, GetConsoleOutputCP, GetStdHandle, CloseHandle, GetACP, GetModuleHandleW, GetCurrentThreadId, SizeofResource, TlsGetValue, IsValidCodePage, VirtualFree, UnmapViewOfFile, Sleep, IsBadReadPtr, FindResourceA, VirtualAlloc, GetVersion, GetOEMCP
> GDI32.dll: SetBkColor, DeleteObject, GetDeviceCaps, DeleteDC, GetStockObject, SelectObject, CreateSolidBrush, BitBlt
> ole32.dll: CoTaskMemAlloc
> USER32.dll: SetForegroundWindow, GetDesktopWindow, LoadIconA, LoadCursorA, ScreenToClient, GetDlgItem, GetSubMenu, SetWindowLongA, ReleaseCapture, GetWindowRect, GetSystemMetrics, BeginPaint, SetFocus, EndPaint, FillRect, SetTimer, EndDialog, RegisterClassA, IsIconic, TranslateMessage, PeekMessageA, EnableWindow, ShowWindow, DefWindowProcA, UpdateWindow, GetParent, DestroyWindow, GetDC, DispatchMessageA, IsWindow, SetWindowPos, ReleaseDC, PostQuitMessage, MessageBoxA, DialogBoxParamA, GetSysColor, InvalidateRect, SendMessageA, GetWindowLongA, EnableMenuItem, CallWindowProcA, SetCursor, GetClientRect
> OLEAUT32.dll: -, -, -, -, -
> ADVAPI32.dll: RegDeleteKeyA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
sigcheck:
publisher....: m_tisser
copyright....: moissonneuses-lieuses
product......: chancelais
description..: cosser
original name: n/a
internal name: n/a
file version.: 1, 1, 3, 1
comments.....: sorda
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3926
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.03.2010 17:28:55
mbam-log-2010-03-29 (17-28-55).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 263375
Laufzeit: 1 hour(s), 25 minute(s), 55 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Deniz\Desktop\KrimsKrams\Live-Player_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
Code:
OTL logfile created on: 29.03.2010 17:32:08 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Deniz\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 28,11 Gb Free Space | 37,72% Space Free | Partition Type: NTFS
Drive D: | 208,92 Gb Total Space | 180,73 Gb Free Space | 86,51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DENIZ-PC
Current User Name: Deniz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Deniz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Deniz\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - D:\Program Files (x86)\Sony Setup\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Deniz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MSSQL$SONY_MEDIAMGR) -- D:\Program Files (x86)\Sony Setup\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- D:\Program Files (x86)\Sony Setup\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (DhaHelper) -- C:\Windows\SysWOW64\drivers\dhahelper.sys (MPlayer <hxxp://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\snp2uvc.ini ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 FA DE 88 A5 9B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2010.01.18 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions
[2010.01.18 16:55:13 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 FA DE 88 A5 9B CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [2010.01.18 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions [2010.01.18 16:55:13 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\ievkbd.dll (Kaspersky Lab) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} 
- C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.29 16:43:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Deniz\Desktop\OTL.exe [2010.03.29 15:59:47 | 000,000,000 | ---D | C] -- C:\Users\Deniz\AppData\Roaming\Malwarebytes [2010.03.29 15:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:59:38 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.29 15:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.03.29 15:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.03.29 15:59:14 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Deniz\Desktop\mbam-setup.exe [2010.03.28 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Deniz\Desktop\VA-United_Destination_2010__Mixed_By_Dash_Berlin-2CD-2010-hM [2010.03.27 18:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softonic-de3 [2010.03.27 18:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.03.27 18:39:56 | 000,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Deniz\Desktop\HJTInstall.2.0.2.exe [2010.03.26 00:39:08 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.03.26 00:38:45 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.03.26 00:30:42 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.03.26 00:30:42 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2010.03.26 00:30:42 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.03.26 00:30:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.03.26 00:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.03.26 00:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.03.26 00:28:22 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2010.03.26 00:28:22 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2010.03.26 00:28:11 | 000,230,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2010.03.26 00:28:04 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2010.03.26 00:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor [2010.03.26 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\Deniz\AppData\Roaming\PC Tools [2010.03.26 00:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.03.26 00:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2010.03.26 00:25:17 | 036,592,720 | ---- | C] (PC Tools ) -- C:\Users\Deniz\Desktop\sdasetup.exe [2010.03.26 00:20:17 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Deniz\Desktop\Ad-Aware82Installer.exe [2010.03.25 18:20:19 | 000,356,352 | ---- | C] (métisser) -- C:\Users\Deniz\AppData\Local\qlnis.exe [2010.03.25 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2010.03.25 17:15:22 | 000,000,000 | ---D | 
C] -- C:\Windows\pss [2010.03.25 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.03.25 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2010.03.25 17:08:25 | 000,191,504 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.03.25 17:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.03.25 17:07:09 | 001,154,064 | ---- | C] (Piriform Ltd) -- C:\Users\Deniz\Desktop\ccsetup229_slim.exe [2010.03.22 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Deniz\Application Data [2010.03.22 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2 [2010.03.21 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows User [2010.03.17 21:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo [2010.03.13 16:24:33 | 000,000,000 | ---D | C] -- C:\Users\Deniz\AppData\Roaming\live-player [2010.03.13 16:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Live-Player [2010.03.11 15:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2010.03.06 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Deniz\AppData\Local\Microsoft Games [2010.03.06 00:52:04 | 000,000,000 | ---D | C] -- C:\Users\Deniz\Documents\Traktor3 [2010.03.06 00:52:03 | 000,000,000 | ---D | C] -- C:\Users\Deniz\AppData\Local\Native Instruments [2010.03.05 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Deniz\Documents\Camtasia Studio [2010.03.03 14:26:31 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll [2010.03.03 14:26:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime [2010.03.03 14:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2010.03.03 14:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2010.03.03 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith ========== Files - Modified Within 30 Days ========== [2010.03.29 17:35:49 | 002,359,296 | -HS- | M] () -- 
C:\Users\Deniz\NTUSER.DAT [2010.03.29 16:43:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Deniz\Desktop\OTL.exe [2010.03.29 16:43:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.29 15:59:43 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.29 15:59:22 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Deniz\Desktop\mbam-setup.exe [2010.03.29 14:58:00 | 001,524,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.03.29 14:58:00 | 000,661,696 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.03.29 14:58:00 | 000,625,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.03.29 14:58:00 | 000,134,078 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.03.29 14:58:00 | 000,111,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.03.29 03:20:43 | 000,105,034 | ---- | M] () -- C:\Users\Deniz\Desktop\alison-college-girl.jpg [2010.03.28 20:22:27 | 000,027,820 | ---- | M] () -- C:\Users\Deniz\Desktop\failer.jpg [2010.03.28 18:04:07 | 000,136,670 | ---- | M] () -- C:\Users\Deniz\Desktop\denizmoritzahls2.jpg [2010.03.28 17:56:00 | 000,082,393 | ---- | M] () -- C:\Users\Deniz\Desktop\denizmoritzahls.jpg [2010.03.27 20:14:04 | 245,972,436 | ---- | M] () -- C:\Users\Deniz\Desktop\VUD2MBDB22h (1).rar [2010.03.27 19:42:01 | 002,157,553 | ---- | M] () -- C:\Users\Deniz\Desktop\alinasdfihnsiufhdsiu.jpg [2010.03.27 18:40:17 | 002,473,480 | ---- | M] () -- C:\Users\Deniz\Desktop\SoftonicToolbar.exe [2010.03.27 18:40:09 | 000,002,095 | ---- | M] () -- C:\Users\Deniz\Desktop\HijackThis.lnk [2010.03.27 18:40:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Deniz\Desktop\HJTInstall.2.0.2.exe [2010.03.27 18:39:45 | 000,253,216 | ---- | M] () -- C:\Users\Deniz\Desktop\SoftonicDownloader34177.exe [2010.03.26 21:21:03 | 000,214,816 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.03.26 21:21:03 | 000,214,816 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.26 21:18:12 | 000,001,397 | ---- | M] () -- C:\Users\Deniz\AppData\Local\qlnis_navps.dat [2010.03.26 21:17:48 | 000,003,464 | ---- | M] () -- C:\Users\Deniz\AppData\Local\qlnis.dat [2010.03.26 19:24:32 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.26 19:24:32 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.26 19:17:26 | 000,000,088 | ---- | M] () -- C:\Users\Deniz\AppData\Local\efqictee.bat [2010.03.26 19:17:21 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2010.03.26 19:16:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.26 19:16:36 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys [2010.03.26 16:27:12 | 005,294,568 | -H-- | M] () -- C:\Users\Deniz\AppData\Local\IconCache.db [2010.03.26 15:47:48 | 001,538,355 | ---- | M] () -- C:\Users\Deniz\Desktop\1269259657_omg_cat.gif [2010.03.26 05:20:09 | 150,525,990 | ---- | M] () -- C:\Users\Deniz\Desktop\VUD2MBDB22h.rar [2010.03.26 01:52:44 | 000,001,451 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2010.03.26 01:51:03 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.03.26 01:51:03 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.03.26 00:38:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.03.26 00:30:16 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.03.26 00:28:24 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Spyware 
Doctor.lnk [2010.03.26 00:27:03 | 036,592,720 | ---- | M] (PC Tools ) -- C:\Users\Deniz\Desktop\sdasetup.exe [2010.03.26 00:22:57 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Deniz\Desktop\Ad-Aware82Installer.exe [2010.03.25 19:36:07 | 000,150,465 | ---- | M] () -- C:\Users\Deniz\Desktop\test.mp3 [2010.03.25 18:58:45 | 000,001,824 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2010.03.25 18:30:05 | 014,142,044 | ---- | M] () -- C:\Users\Deniz\Desktop\TuneUp.Utilities.2008.v7.0_by_Kane_RR.rar [2010.03.25 18:20:19 | 000,356,352 | ---- | M] (métisser) -- C:\Users\Deniz\AppData\Local\qlnis.exe [2010.03.25 17:16:43 | 000,044,776 | ---- | M] () -- C:\Users\Deniz\Documents\cc_20100325_161638.reg [2010.03.25 17:09:20 | 011,158,640 | ---- | M] () -- C:\Users\Deniz\Desktop\Bart B More - Now Lay Around (PeaceTreaty Ketchup Remix).mp3 [2010.03.25 17:08:25 | 000,191,504 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.03.25 17:07:40 | 000,001,887 | ---- | M] () -- C:\Users\Deniz\Desktop\CCleaner.lnk [2010.03.25 17:07:15 | 001,154,064 | ---- | M] (Piriform Ltd) -- C:\Users\Deniz\Desktop\ccsetup229_slim.exe [2010.03.24 21:48:11 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Live-Player.lnk [2010.03.23 18:53:07 | 120,070,006 | ---- | M] () -- C:\Users\Deniz\Desktop\101-va-united_destination_2010_mixed_by_dash_berlin-cd1.mp3 [2010.03.22 20:47:55 | 002,399,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.03.22 20:16:12 | 000,005,548 | ---- | M] () -- C:\Users\Deniz\Documents\Untitled.ses [2010.03.22 20:16:08 | 000,891,175 | ---- | M] () -- C:\Users\Deniz\Documents\004-r_i_o_-_when_the_sun_comes_down-ministry (2).mp3 [2010.03.22 20:16:06 | 000,575,485 | ---- | M] () -- C:\Users\Deniz\Documents\118-scotty_-_the_black_pearl (2).mp3 [2010.03.22 20:16:05 | 000,349,195 | ---- | M] () -- C:\Users\Deniz\Documents\117-dave_darell_-_freeloader (2).mp3 [2010.03.22 20:16:03 | 000,257,775 | ---- | M] () -- 
C:\Users\Deniz\Documents\121-michael_mind_-_baker_street (2).mp3 [2010.03.22 20:16:02 | 000,259,566 | ---- | M] () -- C:\Users\Deniz\Documents\204-stromae_-_alors_on_danse (3).mp3 [2010.03.22 20:16:01 | 000,048,449 | ---- | M] () -- C:\Users\Deniz\Documents\D -All Around The World-www.mrtzcmp3.net (2).mp3 [2010.03.22 20:16:00 | 000,017,472 | ---- | M] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. Armand Van Helden - Bonkers (2).mp3 [2010.03.22 20:15:59 | 001,282,368 | ---- | M] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. Armand Van Helden - Bonkers (3).mp3 [2010.03.22 20:15:57 | 000,371,136 | ---- | M] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. Armand Van Helden - Bonkers (4).mp3 [2010.03.22 20:15:56 | 000,184,512 | ---- | M] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (2).mp3 [2010.03.22 20:15:55 | 000,987,456 | ---- | M] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (3).mp3 [2010.03.22 20:15:53 | 001,640,064 | ---- | M] () -- C:\Users\Deniz\Documents\Frauenarzt und Manny Marc - Das Geht Ab Electro Mix (2).mp3 [2010.03.22 20:15:53 | 000,033,024 | ---- | M] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (4).mp3 [2010.03.22 20:15:51 | 000,178,591 | ---- | M] () -- C:\Users\Deniz\Documents\Kid Cudi - Day 'N' Nite (Crookers Remix)_NEW (2).mp3 [2010.03.22 20:15:50 | 001,433,695 | ---- | M] () -- C:\Users\Deniz\Documents\Kid Cudi - Day 'N' Nite (Crookers Remix)_NEW (3).mp3 [2010.03.22 20:15:48 | 000,182,208 | ---- | M] () -- C:\Users\Deniz\Documents\Robin S vs Steve Angello Laidback Luke Show Me Love Be_NEW (2).mp3 [2010.03.22 20:15:47 | 001,067,520 | ---- | M] () -- C:\Users\Deniz\Documents\Robin S vs Steve Angello Laidback Luke Show Me Love Be_NEW (3).mp3 [2010.03.22 20:15:45 | 000,091,828 | ---- | M] () -- C:\Users\Deniz\Documents\003-david_guetta_ft_akon_-_sexy_bitch-ministry (2).mp3 [2010.03.22 20:15:44 | 000,419,717 | ---- | M] () -- 
C:\Users\Deniz\Documents\003-david_guetta_ft_akon_-_sexy_bitch-ministry (3).mp3 [2010.03.22 20:15:42 | 000,035,274 | ---- | M] () -- C:\Users\Deniz\Documents\204-stromae_-_alors_on_danse (2).mp3 [2010.03.22 19:29:37 | 000,000,417 | ---- | M] () -- C:\Windows\win.ini [2010.03.22 19:29:37 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini [2010.03.22 19:29:29 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk [2010.03.21 23:24:11 | 000,128,832 | ---- | M] () -- C:\Users\Deniz\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.21 16:26:37 | 000,268,213 | ---- | M] () -- C:\Users\Deniz\AppData\Local\qlnis_nav.dat [2010.03.19 20:27:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.03.17 21:04:15 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.03.17 21:04:15 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.03.11 15:47:32 | 000,001,051 | ---- | M] () -- C:\Users\Deniz\Desktop\Virtual DJ.lnk [2010.03.10 12:36:40 | 000,230,904 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2010.03.05 13:52:52 | 000,004,608 | ---- | M] () -- C:\Users\Deniz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.03 14:26:15 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk ========== Files Created - No Company Name ========== [2010.03.29 15:59:43 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.29 03:20:43 | 000,105,034 | ---- | C] () -- C:\Users\Deniz\Desktop\alison-college-girl.jpg [2010.03.28 20:22:27 | 000,027,820 | ---- | C] () -- C:\Users\Deniz\Desktop\failer.jpg [2010.03.28 18:04:05 | 000,136,670 | ---- | C] () -- C:\Users\Deniz\Desktop\denizmoritzahls2.jpg [2010.03.28 17:56:00 | 000,082,393 | ---- | C] () -- C:\Users\Deniz\Desktop\denizmoritzahls.jpg [2010.03.28 13:43:59 | 001,388,957 | ---- | C] () -- C:\Users\Deniz\Desktop\DSC03992.JPG [2010.03.27 
19:41:56 | 002,157,553 | ---- | C] () -- C:\Users\Deniz\Desktop\alinasdfihnsiufhdsiu.jpg [2010.03.27 18:54:56 | 120,070,006 | ---- | C] () -- C:\Users\Deniz\Desktop\101-va-united_destination_2010_mixed_by_dash_berlin-cd1.mp3 [2010.03.27 18:53:54 | 245,972,436 | ---- | C] () -- C:\Users\Deniz\Desktop\VUD2MBDB22h (1).rar [2010.03.27 18:40:09 | 000,002,095 | ---- | C] () -- C:\Users\Deniz\Desktop\HijackThis.lnk [2010.03.27 18:39:56 | 002,473,480 | ---- | C] () -- C:\Users\Deniz\Desktop\SoftonicToolbar.exe [2010.03.27 18:39:43 | 000,253,216 | ---- | C] () -- C:\Users\Deniz\Desktop\SoftonicDownloader34177.exe [2010.03.26 15:47:48 | 001,538,355 | ---- | C] () -- C:\Users\Deniz\Desktop\1269259657_omg_cat.gif [2010.03.26 04:30:58 | 150,525,990 | ---- | C] () -- C:\Users\Deniz\Desktop\VUD2MBDB22h.rar [2010.03.26 00:30:43 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.03.26 00:30:42 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.03.26 00:30:42 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.03.26 00:30:42 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.03.26 00:30:42 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.03.26 00:30:16 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.03.26 00:28:22 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat [2010.03.26 00:28:11 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat [2010.03.26 00:28:07 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.03.26 00:28:04 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat [2010.03.25 19:34:47 | 000,150,465 | ---- | C] () -- C:\Users\Deniz\Desktop\test.mp3 [2010.03.25 18:28:15 | 014,142,044 | ---- | C] () -- C:\Users\Deniz\Desktop\TuneUp.Utilities.2008.v7.0_by_Kane_RR.rar [2010.03.25 18:20:19 | 000,268,213 | ---- | C] () -- C:\Users\Deniz\AppData\Local\qlnis_nav.dat [2010.03.25 18:20:19 | 000,003,464 | 
---- | C] () -- C:\Users\Deniz\AppData\Local\qlnis.dat [2010.03.25 18:20:19 | 000,001,397 | ---- | C] () -- C:\Users\Deniz\AppData\Local\qlnis_navps.dat [2010.03.25 17:16:41 | 000,044,776 | ---- | C] () -- C:\Users\Deniz\Documents\cc_20100325_161638.reg [2010.03.25 17:09:47 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2010.03.25 17:09:47 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2010.03.25 17:07:40 | 000,001,887 | ---- | C] () -- C:\Users\Deniz\Desktop\CCleaner.lnk [2010.03.25 17:05:42 | 011,158,640 | ---- | C] () -- C:\Users\Deniz\Desktop\Bart B More - Now Lay Around (PeaceTreaty Ketchup Remix).mp3 [2010.03.24 21:48:11 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Live-Player.lnk [2010.03.22 20:16:12 | 000,005,548 | ---- | C] () -- C:\Users\Deniz\Documents\Untitled.ses [2010.03.22 20:16:07 | 000,891,175 | ---- | C] () -- C:\Users\Deniz\Documents\004-r_i_o_-_when_the_sun_comes_down-ministry (2).mp3 [2010.03.22 20:16:05 | 000,575,485 | ---- | C] () -- C:\Users\Deniz\Documents\118-scotty_-_the_black_pearl (2).mp3 [2010.03.22 20:16:04 | 000,349,195 | ---- | C] () -- C:\Users\Deniz\Documents\117-dave_darell_-_freeloader (2).mp3 [2010.03.22 20:16:03 | 000,257,775 | ---- | C] () -- C:\Users\Deniz\Documents\121-michael_mind_-_baker_street (2).mp3 [2010.03.22 20:16:01 | 000,259,566 | ---- | C] () -- C:\Users\Deniz\Documents\204-stromae_-_alors_on_danse (3).mp3 [2010.03.22 20:16:01 | 000,048,449 | ---- | C] () -- C:\Users\Deniz\Documents\D -All Around The World-www.mrtzcmp3.net (2).mp3 [2010.03.22 20:16:00 | 000,017,472 | ---- | C] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. Armand Van Helden - Bonkers (2).mp3 [2010.03.22 20:15:57 | 001,282,368 | ---- | C] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. Armand Van Helden - Bonkers (3).mp3 [2010.03.22 20:15:56 | 000,371,136 | ---- | C] () -- C:\Users\Deniz\Documents\Dizzee Rascal feat. 
Armand Van Helden - Bonkers (4).mp3 [2010.03.22 20:15:55 | 000,184,512 | ---- | C] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (2).mp3 [2010.03.22 20:15:54 | 000,987,456 | ---- | C] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (3).mp3 [2010.03.22 20:15:53 | 000,033,024 | ---- | C] () -- C:\Users\Deniz\Documents\Fedde Le Grande - Put Your Hands Up For Detroit_NEW (4).mp3 [2010.03.22 20:15:51 | 001,640,064 | ---- | C] () -- C:\Users\Deniz\Documents\Frauenarzt und Manny Marc - Das Geht Ab Electro Mix (2).mp3 [2010.03.22 20:15:50 | 000,178,591 | ---- | C] () -- C:\Users\Deniz\Documents\Kid Cudi - Day 'N' Nite (Crookers Remix)_NEW (2).mp3 [2010.03.22 20:15:48 | 001,433,695 | ---- | C] () -- C:\Users\Deniz\Documents\Kid Cudi - Day 'N' Nite (Crookers Remix)_NEW (3).mp3 [2010.03.22 20:15:47 | 000,182,208 | ---- | C] () -- C:\Users\Deniz\Documents\Robin S vs Steve Angello Laidback Luke Show Me Love Be_NEW (2).mp3 [2010.03.22 20:15:46 | 001,067,520 | ---- | C] () -- C:\Users\Deniz\Documents\Robin S vs Steve Angello Laidback Luke Show Me Love Be_NEW (3).mp3 [2010.03.22 20:15:45 | 000,091,828 | ---- | C] () -- C:\Users\Deniz\Documents\003-david_guetta_ft_akon_-_sexy_bitch-ministry (2).mp3 [2010.03.22 20:15:44 | 000,419,717 | ---- | C] () -- C:\Users\Deniz\Documents\003-david_guetta_ft_akon_-_sexy_bitch-ministry (3).mp3 [2010.03.22 20:15:38 | 000,035,274 | ---- | C] () -- C:\Users\Deniz\Documents\204-stromae_-_alors_on_danse (2).mp3 [2010.03.22 19:29:29 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk [2010.03.17 21:04:15 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.03.17 21:04:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.03.13 16:24:15 | 000,000,088 | ---- | C] () -- C:\Users\Deniz\AppData\Local\efqictee.bat [2010.03.11 15:47:32 | 000,001,051 | ---- | C] () -- 
C:\Users\Deniz\Desktop\Virtual DJ.lnk [2010.03.05 13:21:31 | 000,004,608 | ---- | C] () -- C:\Users\Deniz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.03 14:26:15 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk [2010.02.11 05:16:10 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.02.03 19:51:48 | 000,007,605 | ---- | C] () -- C:\Users\Deniz\AppData\Local\Resmon.ResmonCfg [2010.02.02 16:12:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.02.02 16:06:16 | 007,122,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.16 19:14:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.13 19:42:14 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL [2009.12.16 10:36:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009.12.16 10:20:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.12.16 10:15:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2009.12.16 10:14:46 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009.08.19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest [2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2006.05.19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== 
Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > |
29.03.2010, 16:56 | #5 |
| Laptop suddenly slow Logfile no. 2: Code:
ATTFilter OTL Extras logfile created on: 29.03.2010 17:32:08 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Deniz\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 28,11 Gb Free Space | 37,72% Space Free | Partition Type: NTFS Drive D: | 208,92 Gb Total Space | 180,73 Gb Free Space | 86,51% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DENIZ-PC Current User Name: Deniz Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\Deniz\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "Asus WebStorage" = Asus WebStorage "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1AC38EA5-454C-4443-834F-6B34106581E1}" = Sony DVD Architect 4.0 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec 
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "ASUS AP Bank_is1" = ASUS AP Bank "ASUS_Screensaver" = ASUS_Screensaver "AVMWLANCLI" = AVM FRITZ!WLAN "Browser Defender_is1" = Browser Defender 2.0.6.15 "CCleaner" = CCleaner "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "Cool Video Converter" = Cool Video Converter "efqictee" = Favorit "ET Updater 2.60b_is1" = ET Updater 2.60b "HijackThis" = HijackThis 2.0.2 "ICQToolbar" = ICQ Toolbar "InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "mIRC" = mIRC "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "PunkBusterSvc" = PunkBuster Services "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "softonic-de3 Toolbar" = softonic-de3 Toolbar "Spyware Doctor" = Spyware Doctor 7.0 "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TiLP2_is1" = TiLP2 1.13 "TmNationsForever_is1" = TmNationsForever "Tunatic" = Tunatic "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO Toolbar 
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.03.2010 08:23:56 | Computer Name = Deniz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_XLKFmIqMbfOz, Version: 1.0.0.0, Zeitstempel: 0x4780eaf3 Name des fehlerhaften Moduls: Setup.exe, Version: 1.0.0.0, Zeitstempel: 0x4780eaf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001000 ID des fehlerhaften Prozesses: 0x1e10 Startzeit der fehlerhaften Anwendung: 0x01cabacc6475c940 Pfad der fehlerhaften Anwendung: C:\Users\Deniz\AppData\Local\Temp\Rar$EX00.861\Camtasia Studio 6.0.2 German\Setup.exe Pfad des fehlerhaften Moduls: C:\Users\Deniz\AppData\Local\Temp\Rar$EX00.861\Camtasia Studio 6.0.2 German\Setup.exe Berichtskennung: a2871900-26bf-11df-a8be-e0cb4e3b58c8 Error - 04.03.2010 13:14:38 | Computer Name = Deniz-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.03.2010 13:15:21 | Computer Name = Deniz-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. 
Error - 08.03.2010 16:02:07 | Computer Name = Deniz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 6.5.0.2024, Zeitstempel: 0x4b010ef1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00740078 ID des fehlerhaften Prozesses: 0x1300 Startzeit der fehlerhaften Anwendung: 0x01cabee26d779400 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ICQ6.5\ICQ.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 78e382a0-2aed-11df-bfd9-e0cb4e3b58c8 Error - 10.03.2010 19:02:45 | Computer Name = Deniz-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a34 Startzeit: 01cac04b9fc02390 Endzeit: 129 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 058bb6a9-2c99-11df-887b-e0cb4e3b58c8 Error - 10.03.2010 19:41:59 | Computer Name = Deniz-PC | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1b24 Startzeit: 01cac0a5cd8137d8 Endzeit: 16 Anwendungspfad: C:\Users\Deniz\AppData\Local\Google\Chrome\Application\chrome.exe Berichts-ID: 826ff739-2c9e-11df-887b-e0cb4e3b58c8 Error - 13.03.2010 10:25:35 | Computer Name = Deniz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 6.5.0.2024, Zeitstempel: 0x4b010ef1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00740078 ID des fehlerhaften Prozesses: 0xc78 Startzeit der fehlerhaften Anwendung: 0x01cac2b57ebfda20 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ICQ6.5\ICQ.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 494a2220-2eac-11df-9911-e0cb4e3b58c8 Error - 15.03.2010 10:41:39 | Computer Name = Deniz-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 15.03.2010 10:42:25 | Computer Name = Deniz-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. 
Error - 16.03.2010 16:08:54 | Computer Name = Deniz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel: 0x4b1ff63f Name des fehlerhaften Moduls: NPSWF32.dll, Version: 10.0.32.18, Zeitstempel: 0x4a613f8d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b0600 ID des fehlerhaften Prozesses: 0x5dc Startzeit der fehlerhaften Anwendung: 0x01cac53f43198188 Pfad der fehlerhaften Anwendung: C:\Users\Deniz\AppData\Local\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Berichtskennung: bedbb7c8-3137-11df-a109-e0cb4e3b58c8 [ Media Center Events ] Error - 06.03.2010 16:29:14 | Computer Name = Deniz-PC | Source = MCUpdate | ID = 0 Description = 21:29:05 - Fehler beim Herstellen der Internetverbindung. 21:29:05 - Serververbindung konnte nicht hergestellt werden.. Error - 06.03.2010 20:51:04 | Computer Name = Deniz-PC | Source = MCUpdate | ID = 0 Description = 01:50:55 - Fehler beim Herstellen der Internetverbindung. 01:50:55 - Serververbindung konnte nicht hergestellt werden.. Error - 06.03.2010 23:35:01 | Computer Name = Deniz-PC | Source = MCUpdate | ID = 0 Description = 04:34:53 - Fehler beim Herstellen der Internetverbindung. 04:34:53 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 24.03.2010 16:13:07 | Computer Name = Deniz-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error - 24.03.2010 19:19:58 | Computer Name = Deniz-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\dhahelper.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 24.03.2010 19:20:20 | Computer Name = Deniz-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.03.2010 19:20:29 | Computer Name = Deniz-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: DhaHelper Error - 25.03.2010 11:08:37 | Computer Name = Deniz-PC | Source = Application Popup | ID = 875 Description = Treiber klif.sys konnte nicht geladen werden. Error - 25.03.2010 11:08:37 | Computer Name = Deniz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Kaspersky Lab Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 25.03.2010 11:18:54 | Computer Name = Deniz-PC | Source = Application Popup | ID = 875 Description = Treiber klif.sys konnte nicht geladen werden. Error - 25.03.2010 11:18:55 | Computer Name = Deniz-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\dhahelper.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.03.2010 11:19:19 | Computer Name = Deniz-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 25.03.2010 11:19:33 | Computer Name = Deniz-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: DhaHelper KLIF < End of report > Geändert von RazZaH (29.03.2010 um 17:01 Uhr) |
30.03.2010, 07:16 | #6 |
| Laptop suddenly slow Hi, you have ICQ 6.5 and 7 installed...? Remove 6.5! Please check the following files: Have the files checked online:
Code:
C:\Program Files (x86)\ICQ6.5\ICQ.exe
c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Lots of toolbars that don't exactly have the best reputation....
Code:
:OTL
[2010.03.25 18:20:19 | 000,356,352 | ---- | C] (métisser) -- C:\Users\Deniz\AppData\Local\qlnis.exe
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
[2010.01.18 16:55:13 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[Reboot]
Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them. chris
30.03.2010, 16:36 | #7 |
| Laptop suddenly slow Virustotal: Code:
Datei ICQ.exe empfangen 2010.03.26 19:46:02 (UTC)
Status: Beendet
Ergebnis: 0/42 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.26 -
AntiVir 7.10.5.241 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.26 -
Avast5 5.0.332.0 2010.03.26 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4394 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5932 2010.03.26 -
McAfee+Artemis 5932 2010.03.26 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4978 2010.03.26 -
Norman 6.04.10 2010.03.26 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.26 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6100 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -

weitere Informationen
File size: 172792 bytes
MD5 : 2eed49941f8e8d35f0d50bdc83206293
SHA1 : 6bfabf6e10f8a9a94e6c075ba8bdf071b5cdf88d
SHA256: e67e43c104e901b7e066709b008344452728f6a717dab8b3b7bb23c6a9d91db6
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1005F
timedatestamp.....: 0x4B010EF1 (Mon Nov 16 09:36:01 2009)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x116AA 0x11800 6.38 7b988f7aa6993025ebb5130a4c5ed5fc
.rdata 0x13000 0x6A00 0x6A00 5.45 458d0c8ebe6c17a034cf0cd61dee75e2
.data 0x1A000 0x1F80 0x1C00 1.33 50ce8db15139c43aba0aa02ad51fffab
.rsrc 0x1C000 0xEAF8 0xEC00 5.93 c2ad7af196449774de95581321ce86c4
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:IC/UaViEqjY1uimO3soWBgZNANeoWTzSCO15UtQ/BA2gGaw8:lwEq7HO8ohAsHHSC65Um/Bx4
sigcheck:
publisher....: ICQ, LLC.
copyright....: Copyright (c) 1998-2008 ICQ, LLC.
product......: ICQ
description..: ICQ
original name: ICQ.exe
internal name: ICQ
file version.: 6.5.0.2024
comments.....: n/a
signers......: ICQ
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 9:34 AM 11/16/2009
verified.....: -
PEiD : -
RDS : NSRL Reference Data Set

Code:
Datei 978F814F80DB2C96196D025C9E39190073FA1833.dll empfangen 2010.03.16 00:28:57 (UTC)
Status: Beendet
Ergebnis: 0/42 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.15 -
AhnLab-V3 5.0.0.2 2010.03.15 -
AntiVir 8.2.1.180 2010.03.15 -
Antiy-AVL 2.0.3.7 2010.03.15 -
Authentium 5.2.0.5 2010.03.15 -
Avast 4.8.1351.0 2010.03.15 -
Avast5 5.0.332.0 2010.03.15 -
AVG 9.0.0.787 2010.03.15 -
BitDefender 7.2 2010.03.16 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.16 -
Comodo 4277 2010.03.15 -
DrWeb 5.0.1.12222 2010.03.16 -
eSafe 7.0.17.0 2010.03.15 -
eTrust-Vet 35.2.7364 2010.03.15 -
F-Prot 4.5.1.85 2010.03.15 -
F-Secure 9.0.15370.0 2010.03.15 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.16 -
Ikarus T3.1.1.80.0 2010.03.15 -
Jiangmin 13.0.900 2010.03.15 -
K7AntiVirus 7.10.998 2010.03.15 -
Kaspersky 7.0.0.125 2010.03.16 -
McAfee 5921 2010.03.15 -
McAfee+Artemis 5921 2010.03.15 -
McAfee-GW-Edition 6.8.5 2010.03.15 -
Microsoft 1.5605 2010.03.15 -
NOD32 4947 2010.03.15 -
Norman 6.04.08 2010.03.15 -
nProtect 2009.1.8.0 2010.03.15 -
Panda 10.0.2.2 2010.03.15 -
PCTools 7.0.3.5 2010.03.15 -
Prevx 3.0 2010.03.16 -
Rising 22.39.00.04 2010.03.15 -
Sophos 4.51.0 2010.03.15 -
Sunbelt 5905 2010.03.16 -
Symantec 20091.2.0.41 2010.03.16 -
TheHacker 6.5.2.0.233 2010.03.15 -
TrendMicro 9.120.0.1004 2010.03.15 -
VBA32 3.12.12.2 2010.03.14 -
ViRobot 2010.3.15.2228 2010.03.15 -
VirusBuster 5.0.27.0 2010.03.15 -

weitere Informationen
File size: 137600 bytes
MD5 : f655cdd5506fbb4c40c08c9c6a66f7c8
SHA1 : 8aa342288914c837380a5e0bf2d2270c8f772586
SHA256: 2b1c5f5b8ac6934937635c371978ae9b6ad98c356ff2b1337c37f52fea352898
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x11734
timedatestamp.....: 0x4A12FBD6 (Tue May 19 20:35:02 2009)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x190F9 0x19200 6.50 7e5888b20d707ab21d13230bc4300c0f
.data 0x1B000 0x2AC0 0x1E00 4.48 0f7873449af44ccc1418f92d56c7f6f4
.rsrc 0x1E000 0x2A98 0x2C00 4.62 ef41dacf3c5ef4db23a1ca87ef316a49
.reloc 0x21000 0x2084 0x2200 4.99 85052fa1939f74f1a9319df48569a1bb
( 1 exports )
> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification
DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)
ssdeep: 3072:y21/xAxxZHbmF+iozQN1uJ7xuZx6D855AkrnoIq59c:D1/+LJbmF+PQN1uJ7xkID8MkczI
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft Search Enhancement Pack
description..: Search Helper for Internet Explorer
original name: SearchHelper.dll
internal name: SearchHelper.dll
file version.: 1.3.59.0
comments.....: n/a
signers......: Microsoft Corporation
Microsoft Code Signing PCA
Microsoft Root Authority
signing date.: 7:36 PM 5/19/2009
verified.....: -
PEiD : -
RDS : NSRL Reference Data Set

OTL:

Code:
All processes killed
========== OTL ==========
C:\Users\Deniz\AppData\Local\qlnis.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Program Files (x86)\XfireXO\tbXfir.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files (x86)\softonic-de3\tbsoft.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Deniz\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Deniz
->Temp folder emptied: 11999668 bytes
->Temporary Internet Files folder emptied: 23653652 bytes
->Java cache emptied: 26904626 bytes
->Google Chrome cache emptied: 325716549 bytes
->Flash cache emptied: 10125 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75088 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 128958396 bytes

Total Files Cleaned = 493,00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 03302010_172300

Files\Folders moved on Reboot...
C:\Users\Deniz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

I had some trouble running this program. I did everything step by step as described in the instructions, but did not get a log. As a precaution I took a screenshot:

Edited by RazZaH (30.03.2010 at 17:21) |
30.03.2010, 19:33 | #8 |
| Laptop suddenly slow Hi, looks okay, how is the computer behaving? chris