Log analysis and evaluation: Internet Explorer pops up (Windows 7)
14.04.2010, 19:14 | #1
Internet Explorer pops up

IE keeps popping up on my machine with dubious sites. I have Windows 7 Ultimate and have already reinstalled it, but the problem persists. HijackThis gives the following log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:10:29, on 14.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Slomaa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5292 bytes

Can anyone help? Thanks in advance
15.04.2010, 09:22 | #2
Internet Explorer pops up

Hi,

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via: http://filepony.de/download-chameleon/
Then update the signature files ("Update" tab -> "Check for updates"). Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread

Unfortunately GMER does not run under Win7....

TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-t...tml#post640150
Unpack all files! Create Start.bat: Start -> All Programs -> Accessories -> Notepad and paste the following text into it:

Code:
@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0

When TDSSKiller has finished, post the contents of report.txt.

chris

For my own notes:
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
F2 - REG:system.ini: UserInit=userinit.exe ?
C:\Windows\Slomaa.exe
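The three entries chris singles out at the end of the reply above (a Run key with a random-looking name launching from the user's Temp directory, the UserInit value, and an unfamiliar Slomaa.exe directly in the Windows directory) are exactly the kind of thing a small triage script can pick out of a HijackThis log mechanically. The following Python is an added example for this thread, not code from the thread, from HijackThis or from Trojaner-Board; it runs over a constructed excerpt of the log posted in #1. The short allowlist of binaries that normally live directly in %SystemRoot% and the random-name heuristic are my own assumptions, not anything the thread states.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the HijackThis log from post #1; the entries are copied from the thread.
HJT_LOG = r"""
Running processes:
C:\Windows\Slomaa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
C:\Program Files (x86)\Winamp\winampa.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Hand-picked allowlist (an assumption, deliberately short) of binaries that normally sit
# directly in %SystemRoot%; anything else found there deserves a second look.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "write.exe", "hh.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<name>\w+)=(?P<value>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def looks_random(key: str) -> bool:
    """Heuristic for generated Run key names: 8+ upper-case letters/digits, mixing both."""
    return (bool(re.fullmatch(r"[A-Z0-9]{8,}", key))
            and any(c.isdigit() for c in key)
            and any(c.isalpha() for c in key))


def path_from_command(cmd: str) -> str:
    """Extract the executable from a Run value: either "quoted path" args or path.exe args."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return unquoted.group(1) if unquoted else cmd.strip()


def suspicious_reasons(path: str, key: str = "") -> list:
    """Return the reasons an executable path (plus optional Run key name) deserves attention."""
    reasons = []
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    if "temp" in parts:
        reasons.append("executable runs from a Temp directory")
    if len(p.parts) == 3 and parts[1] == "windows" and p.name.lower() not in WINDOWS_ROOT_OK:
        reasons.append("unfamiliar binary directly in %SystemRoot%")
    if key and looks_random(key):
        reasons.append(f"random-looking Run key name {key!r}")
    return reasons


def triage(log: str) -> list:
    """Walk a HijackThis log; return [{'line', 'path', 'reasons'}] for entries worth checking."""
    findings = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        o4 = O4_RE.match(line)
        f2 = F2_RE.match(line)
        if o4:
            in_processes = False
            path = path_from_command(o4["cmd"])
            reasons = suspicious_reasons(path, o4["key"])
        elif f2:
            in_processes = False
            path = f2["value"].strip().rstrip(",")
            # A bare filename in UserInit/Shell is resolved through the search path rather
            # than pinned to System32, so it is worth verifying by hand.
            reasons = [] if PATH_RE.match(path) else [f"{f2['name']} is not a fully qualified path"]
        elif in_processes and PATH_RE.match(line):
            path = line
            reasons = suspicious_reasons(path)
        else:
            continue
        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run against the excerpt, the script reports the same three items chris listed by hand (Ssr.exe appears twice, once as a running process and once as the Run entry that starts it) and nothing else; the Avira, Winamp and Sidebar entries pass every check.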
15.04.2010, 11:32 | #3
Internet Explorer pops up

Thanks a lot first of all for the quick help.

I ran Malwarebytes and OTL; TDSSKiller does not run because I have an x64 version of Windows. Malwarebytes straight away detected and removed 9 unwanted programs or trojans. Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3989

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2010 10:27:36
mbam-log-2010-04-15 (10-27-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|L:\|M:\|S:\|)
Durchsuchte Objekte: 334332
Laufzeit: 33 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Main\ALL Meikel Need\Total Copy.exe (Trojan.FlashKiller) -> Quarantined and deleted successfully.
D:\Main\Programme und Tools\Benchmarks\ÄÖhhhhh\fr-041_debris.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\Main\Programme und Tools\Benchmarks\ÄÖhhhhh\pno0001.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

OTL spat out the following logs:

OTL:

OTL logfile created on: 15.04.2010 10:34:10 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\His Airne$$\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 72,31 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 223,48 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 369,10 Gb Free Space | 39,62% Space Free | Partition Type: NTFS
Drive F: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 368,10 Gb Total Space | 343,59 Gb Free Space | 93,34% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 5,15 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive S: | 931,51 Gb Total Space | 111,47 Gb Free Space | 11,97% Space Free | Partition Type: NTFS

Computer Name: FEENA
Current User Name: His Airne$$
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\His Airne$$\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\His Airne$$\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\UltraMon\RTSUltraMonHookX32.dll (Realtime Soft Ltd)
MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2010.04.14 18:13:32 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://hotmail.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 18:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.14 23:21:19 | 000,000,000 | ---D | M]

[2010.04.14 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Extensions
[2010.04.15 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions
[2010.04.14 19:19:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.14 19:19:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.14 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\allglassv2@ambroos.neowin.net
[2010.04.15 01:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.71.143.51 193.189.244.205
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.14 13:08:11 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{48a0abde-47fc-11df-8483-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{48a0abde-47fc-11df-8483-0023543c71e3}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef98-47f8-11df-8a7c-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b0efef98-47f8-11df-8a7c-0023543c71e3}\Shell\AutoRun\command - "" = J:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.15 10:33:32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\His Airne$$\Desktop\OTL.exe
[2010.04.15 09:24:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.04.15 09:24:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2010.04.15 09:24:35 | 000,234,496 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM79.DLL
[2010.04.15 09:24:28 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ
[2010.04.15 09:11:32 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Malwarebytes
[2010.04.15 09:11:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.15 09:11:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.15 09:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.15 09:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2010.04.15 08:44:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.14 23:39:47 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\dvdcss
[2010.04.14 23:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.04.14 23:21:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.14 23:21:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.14 23:21:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.14 23:21:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.14 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.04.14 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Realtime Soft
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\Programme\UltraMon
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Realtime Soft
[2010.04.14 22:01:55 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Avira
[2010.04.14 21:25:19 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\ElevatedDiagnostics
[2010.04.14 21:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.14 21:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.04.14 21:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.04.14 21:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.04.14 21:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.04.14 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.04.14 21:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010.04.14 21:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.04.14 21:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.04.14 21:12:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.04.14 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.04.14 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Alt.Binz
[2010.04.14 21:11:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.14 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Microsoft Help
[2010.04.14 21:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010.04.14 21:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.04.14 21:10:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.04.14 21:04:28 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\cudart.dll
[2010.04.14 21:04:28 | 000,027,136 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2010.04.14 21:04:28 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2010.04.14 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2010.04.14 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\WinRAR
[2010.04.14 21:02:50 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.14 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.04.14 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\DAEMON Tools Lite
[2010.04.14 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.04.14 20:56:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.04.14 20:56:45 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.04.14 20:56:36 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.04.14 20:56:36 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.04.14 20:56:36 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.04.14 20:56:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.04.14 20:56:36 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.04.14 20:56:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.04.14 20:56:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.04.14 20:56:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.04.14 20:56:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.04.14 20:56:35 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.04.14 20:56:35 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010.04.14 20:56:35 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.04.14 20:56:35 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010.04.14 20:56:35 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010.04.14 20:56:35 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010.04.14 20:56:35 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010.04.14 20:56:35 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.04.14 20:56:35 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010.04.14 20:56:35 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.04.14 20:56:35 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.04.14 20:56:35 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.04.14 20:56:35 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010.04.14 20:56:35 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.04.14 20:56:35 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.04.14 20:56:35 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010.04.14 20:56:35 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010.04.14 20:56:35 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.)
-- C:\Windows\SysNative\RTEED64A.dll [2010.04.14 20:56:35 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2010.04.14 20:56:35 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2010.04.14 20:56:35 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2010.04.14 20:56:35 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2010.04.14 20:56:35 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2010.04.14 20:56:35 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2010.04.14 20:56:35 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2010.04.14 20:56:34 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2010.04.14 20:56:34 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2010.04.14 20:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010.04.14 20:56:33 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\RtlExUpd.dll [2010.04.14 20:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.04.14 20:22:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.04.14 20:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CS 1.6 [2010.04.14 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.04.14 20:01:11 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxsfs.dll [2010.04.14 20:01:11 | 000,547,576 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll [2010.04.14 20:01:11 | 000,510,712 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll [2010.04.14 20:01:11 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll [2010.04.14 20:01:11 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll [2010.04.14 20:01:11 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxafs.dll [2010.04.14 20:01:11 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxhpinst.exe [2010.04.14 20:01:11 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsa64.exe [2010.04.14 20:01:11 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpya64.exe [2010.04.14 20:01:11 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll [2010.04.14 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Winamp [2010.04.14 20:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2010.04.14 19:50:31 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Logitech [2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2010.04.14 19:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro [2010.04.14 19:32:09 | 
000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\vlc [2010.04.14 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC [2010.04.14 19:18:08 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.04.14 19:18:08 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.04.14 19:18:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.04.14 19:18:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.04.14 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.04.14 19:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.04.14 19:16:15 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Macromedia [2010.04.14 19:16:15 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Adobe [2010.04.14 19:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.04.14 18:55:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\ATI [2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\ATI [2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.04.14 18:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010.04.14 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010.04.14 18:27:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.04.14 18:27:33 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2010.04.14 18:27:05 | 000,000,000 | ---D | C] -- C:\ATI [2010.04.14 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Mozilla [2010.04.14 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Mozilla [2010.04.14 18:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.04.14 18:21:03 | 000,000,000 | ---D | C] -- 
C:\Windows\SoftwareDistribution [2010.04.14 18:20:03 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Searches [2010.04.14 18:19:56 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Identities [2010.04.14 18:19:55 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Contacts [2010.04.14 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\VirtualStore [2010.04.14 18:19:46 | 000,000,000 | --SD | C] -- C:\Users\His Airne$$\AppData\Roaming\Microsoft [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Videos [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Saved Games [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Pictures [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Music [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Links [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Favorites [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Downloads [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Documents [2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Desktop [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Vorlagen [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Verlauf [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Temporary Internet Files [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Startmenü [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\SendTo [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Recent [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Netzwerkumgebung [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Lokale Einstellungen [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Videos 
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Musik [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Eigene Dateien [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Bilder [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Druckumgebung [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Cookies [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Anwendungsdaten [2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Anwendungsdaten [2010.04.14 18:19:46 | 000,000,000 | -H-D | C] -- C:\Users\His Airne$$\AppData [2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Temp [2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Microsoft [2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Media Center Programs [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Programme [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.04.14 18:13:20 | 000,000,000 | ---D | C] -- 
C:\Windows\Prefetch [2010.04.14 18:13:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2010.04.15 10:34:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 10:34:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 10:33:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\His Airne$$\Desktop\OTL.exe [2010.04.15 10:29:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.15 10:29:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.15 10:29:43 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2010.04.15 10:28:44 | 001,048,576 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT [2010.04.15 10:28:39 | 003,328,178 | -H-- | M] () -- C:\Users\His Airne$$\AppData\Local\IconCache.db [2010.04.15 09:15:14 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.15 09:15:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.15 09:15:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.15 09:15:14 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.15 09:15:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.04.14 23:21:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2010.04.14 23:21:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.04.14 23:21:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.04.14 23:21:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2010.04.14 22:47:20 | 000,002,585 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2010.04.14 21:22:32 | 000,084,136 | ---- | M] () -- C:\Users\His Airne$$\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.14 21:21:47 | 002,271,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.04.14 21:02:07 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.04.14 19:50:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf [2010.04.14 18:47:17 | 000,158,720 | ---- | M] () -- C:\Windows\Slomaa.exe [2010.04.14 18:47:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.14 18:31:50 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.04.14 18:31:03 | 000,524,288 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.04.14 18:31:03 | 000,524,288 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.04.14 18:31:03 | 000,065,536 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.04.14 18:19:46 | 000,000,020 | -HS- | M] () -- C:\Users\His Airne$$\ntuser.ini [2010.04.14 18:17:23 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.04.14 18:17:23 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.04.06 17:59:00 | 001,943,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2010.04.06 17:59:00 | 001,660,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2010.04.06 17:59:00 | 001,210,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2010.04.06 17:59:00 | 000,612,384 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2010.04.06 17:59:00 | 000,476,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2010.04.06 17:59:00 | 000,332,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2010.04.06 17:59:00 | 000,149,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2010.04.06 17:59:00 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2010.03.30 20:35:00 | 000,331,168 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.22 14:22:00 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll ========== Files Created - No Company Name ========== [2010.04.14 22:47:20 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2010.04.14 21:04:28 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll [2010.04.14 21:02:07 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.04.14 19:50:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf [2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\Windows\Slomaa.exe [2010.04.14 18:47:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.14 18:31:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.14 18:19:46 | 001,048,576 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT [2010.04.14 18:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.04.14 18:19:46 | 000,524,288 | -HS- | C] () -- 
C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.04.14 18:19:46 | 000,262,144 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.dat.LOG1 [2010.04.14 18:19:46 | 000,065,536 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.04.14 18:19:46 | 000,000,020 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.ini [2010.04.14 18:19:46 | 000,000,000 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.dat.LOG2 [2010.04.14 18:13:04 | 3220,475,904 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > Extras: OTL Extras logfile created on: 15.04.2010 10:34:10 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\His Airne$$\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 72,31 Gb Free Space | 74,05% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 223,48 Gb Free Space | 23,99% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 369,10 Gb Free Space | 39,62% Space Free | Partition Type: NTFS Drive F: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 368,10 Gb Total Space | 343,59 Gb Free Space | 93,34% Space Free | Partition Type: NTFS Drive H: | 149,05 Gb Total Space | 5,15 Gb Free Space | 3,45% Space Free | Partition 
Type: NTFS I: Drive not present or media not loaded Drive S: | 931,51 Gb Total Space | 111,47 Gb Free Space | 11,97% Space Free | Partition Type: NTFS Computer Name: FEENA Current User Name: His Airne$$ Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized 
Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200 "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20 "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics 
Previews Common
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.04.2010 13:17:12 | Computer Name = Feena | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\HISAIR~1\AppData\Local\Temp\RarSFX0\redist.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 14.04.2010 14:30:38 | Computer Name = Feena | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl.exe, Version: 1.1.1.1, Zeitstempel: 0x3fd11900 Name des fehlerhaften Moduls: serverbrowser.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4015add6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0f727720 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01cadc00855adaa3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\CS 1.6\hl.exe Pfad des fehlerhaften Moduls: serverbrowser.dll Berichtskennung: d21a1b1a-47f3-11df-bb49-0023543c71e3

Error - 14.04.2010 15:01:53 | Computer Name = Feena | Source = VSS | ID = 8194
Description =

Error - 14.04.2010 16:46:10 | Computer Name = Feena | Source = MsiInstaller | ID = 10005
Description =

Error - 14.04.2010 16:46:13 | Computer Name = Feena | Source = MsiInstaller | ID = 10005
Description =

[ System Events ]
Error - 14.04.2010 14:25:52 | Computer Name = Feena | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.04.2010 um 20:23:26 unerwartet heruntergefahren.

Error - 14.04.2010 15:39:30 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 15:39:31 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 15:39:31 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 16:14:58 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 14.04.2010 16:14:59 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 14.04.2010 16:15:00 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 15.04.2010 03:28:47 | Computer Name = Feena | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error - 15.04.2010 03:28:47 | Computer Name = Feena | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error - 15.04.2010 03:28:48 | Computer Name = Feena | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

< End of report >
15.04.2010, 12:33 | #4 |
Hi,

Please have the following files checked online:

Code:
C:\Windows\Slomaa.exe

Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any further action, please copy the contents of the log and post it. The log file is very large, roughly 5 MB of text. Just search it for "infiziert" and copy out the relevant parts before you post them. How is the machine behaving? chris
__________________ Don't bring me down. Read before posting! Donations (anyone who would like to donate is welcome to get in touch)
15.04.2010, 18:18 | #5 |
So, VirusTotal and CureIt have both run; here are the logs.

Virus Total:

Antivirus | Version | Last update | Result
a-squared | 4.5.0.50 | 2010.04.15 | -
AhnLab-V3 | 5.0.0.2 | 2010.04.15 | -
AntiVir | 7.10.6.108 | 2010.04.15 | -
Antiy-AVL | 2.0.3.7 | 2010.04.15 | -
Authentium | 5.2.0.5 | 2010.04.15 | W32/FakeAlert.FY.gen!Eldorado
Avast | 4.8.1351.0 | 2010.04.14 | -
Avast5 | 5.0.332.0 | 2010.04.14 | -
AVG | 9.0.0.787 | 2010.04.15 | Downloader.Generic9.BPSZ
BitDefender | 7.2 | 2010.04.15 | -
CAT-QuickHeal | 10.00 | 2010.04.15 | -
ClamAV | 0.96.0.3-git | 2010.04.15 | -
Comodo | 4606 | 2010.04.15 | -
DrWeb | 5.0.2.03300 | 2010.04.15 | -
eSafe | 7.0.17.0 | 2010.04.14 | -
eTrust-Vet | 35.2.7427 | 2010.04.15 | -
F-Prot | 4.5.1.85 | 2010.04.15 | W32/FakeAlert.FY.gen!Eldorado
F-Secure | 9.0.15370.0 | 2010.04.15 | -
Fortinet | 4.0.14.0 | 2010.04.15 | -
GData | 19 | 2010.04.15 | -
Ikarus | T3.1.1.80.0 | 2010.04.15 | -
Jiangmin | 13.0.900 | 2010.04.15 | -
Kaspersky | 7.0.0.125 | 2010.04.15 | -
McAfee | 5.400.0.1158 | 2010.04.15 | Downloader-CEW
McAfee-GW-Edition | 6.8.5 | 2010.04.15 | -
Microsoft | 1.5605 | 2010.04.15 | -
NOD32 | 5030 | 2010.04.15 | a variant of Win32/Kryptik.DRG
Norman | 6.04.11 | 2010.04.15 | -
nProtect | 2010-04-15.02 | 2010.04.15 | -
Panda | 10.0.2.7 | 2010.04.15 | Suspicious file
PCTools | 7.0.3.5 | 2010.04.15 | -
Prevx | 3.0 | 2010.04.15 | High Risk Cloaked Malware
Rising | 22.43.03.04 | 2010.04.15 | -
Sophos | 4.52.0 | 2010.04.15 | Mal/FakeAV-CX
Sunbelt | 6179 | 2010.04.15 | VirTool.Win32.Obfuscator.hg!b (v)
Symantec | 20091.2.0.41 | 2010.04.15 | Trojan.FakeAV!gen24
TheHacker | 6.5.2.0.262 | 2010.04.15 | -
TrendMicro | 9.120.0.1004 | 2010.04.15 | TROJ_RENOS.SMDE
VBA32 | 3.12.12.4 | 2010.04.15 | -
ViRobot | 2010.4.15.2278 | 2010.04.15 | -
VirusBuster | 5.0.27.0 | 2010.04.15 | Trojan.Codecpack.Gen.4

Additional information
File size: 158720 bytes
MD5...: cfdf19c6f20edb9d69e27446173c1067
SHA1..: 9d90ae8cd16e496daed6bcd5a8fc355203e897e1
SHA256: b8cec8c7348daebf516275a804b86bfd9cc4e0fa957e427f7d4977cb51c0d390
ssdeep: 3072:FjtxuVllaNFM6xe9g1/xCsAbErjxQg6y/RYLwaxG1RxNt9:0aB+jCr9Qgp/ RYMaERx
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4a2c
timedatestamp.....: 0x49ef748d (Wed Apr 22 19:48:29 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
text   0x1000   0x910f   0x9200   6.00   e17bedbb2319c632ce9a9f5e6ef1d947
.rdata 0xb000   0x34caa  0x1ce00  7.49   6e27fa2d347e95b2bb46d0bf8a2db3db
DATA   0x40000  0x174    0x200    0.00   bf619eac0cdf3f68d496ea9344137e8b
BSS    0x41000  0x330    0x400    0.00   0f343b0931126a20f133d67c2b018a3b
( 8 imports )
> msvcrt.dll: pow, mbstowcs, wcschr, swprintf, strcmp, log, tolower, time, rand, atol, sqrt, memcpy, memmove
> NTDLL.DLL: NtWaitForSingleObject, atol, RtlDeleteCriticalSection, _wcsnicmp, wcscat
> oleaut32.dll: VariantCopyInd, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetUBound, GetErrorInfo, SysFreeString
> KERNEL32.DLL: GetOEMCP, VirtualAllocEx, LoadLibraryExA, SizeofResource, CreateEventA, GlobalAlloc, GetCurrentThread, LoadLibraryA, GetFileAttributesA, GetModuleHandleA, GetSystemDefaultLangID, SetFilePointer, GetCurrentThreadId, SetEndOfFile, FormatMessageA, GetProcAddress, VirtualQuery, ReadFile, GetVersion, ExitProcess, GetCommandLineA, lstrcpynA, WriteFile, VirtualAlloc, GetCurrentProcessId, InitializeCriticalSection
> USER32.DLL: DefFrameProcA, TrackPopupMenu, GetIconInfo, DrawIcon, DrawEdge, SetWindowLongA, CallWindowProcA, GetClientRect, GetScrollPos, EnableWindow, EqualRect, EndPaint, GetScrollRange, GetCursor, DrawTextA, IsWindowEnabled, FrameRect, FillRect, GetCursorPos, EnumChildWindows, GetLastActivePopup, GetKeyState, RegisterClassA, IsWindowVisible, IsDialogMessageA, CheckMenuItem, SetTimer, GetSysColorBrush, IsChild
> COMDLG32.DLL: GetFileTitleA, FindTextA
> COMCTL32.DLL: ImageList_Draw, ImageList_Write, ImageList_Create, ImageList_GetBkColor, ImageList_Destroy, ImageList_DrawEx
> VERSION.DLL: VerQueryValueA, VerInstallFileA
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (60.8%)
Win32 Executable Generic (13.7%)
Win32 Dynamic Link Library (generic) (12.2%)
Win16/32 Executable Delphi generic (3.3%)
Clipper DOS Executable (3.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=AFE7418C00DA575F6C0F02DB8329EB00A37D0E8A

and here are the excerpts from CureIt:

>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua - Archiv enthält infizierte Objekte - verschoben
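The VirusTotal table and the CureIt excerpt in this post were pasted flat, which makes them hard to read and hard to re-check. As an added example that is not part of the thread and not VirusTotal's or Dr.Web's own tooling, here is a small Python parser that recovers the engine rows from the flattened text, counts how many engines flagged the sample, and pulls the "infiziert mit" findings out of a CureIt log the way the helper asked for in post #4. The sample inputs are constructed from a subset of the values in this post; the class and function names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the VirusTotal engine rows quoted in the
# post, flattened onto a single line the way the forum copy-paste left them.
VT_SAMPLE = (
    "a-squared 4.5.0.50 2010.04.15 - "
    "AhnLab-V3 5.0.0.2 2010.04.15 - "
    "Authentium 5.2.0.5 2010.04.15 W32/FakeAlert.FY.gen!Eldorado "
    "AVG 9.0.0.787 2010.04.15 Downloader.Generic9.BPSZ "
    "BitDefender 7.2 2010.04.15 - "
    "McAfee 5.400.0.1158 2010.04.15 Downloader-CEW "
    "NOD32 5030 2010.04.15 a variant of Win32/Kryptik.DRG "
    "Norman 6.04.11 2010.04.15 - "
    "nProtect 2010-04-15.02 2010.04.15 - "
    "Panda 10.0.2.7 2010.04.15 Suspicious file "
    "PCTools 7.0.3.5 2010.04.15 - "
    "Prevx 3.0 2010.04.15 High Risk Cloaked Malware "
    "Rising 22.43.03.04 2010.04.15 - "
    "Sophos 4.52.0 2010.04.15 Mal/FakeAV-CX "
    "Sunbelt 6179 2010.04.15 VirTool.Win32.Obfuscator.hg!b (v) "
    "Symantec 20091.2.0.41 2010.04.15 Trojan.FakeAV!gen24 "
    "TrendMicro 9.120.0.1004 2010.04.15 TROJ_RENOS.SMDE "
    "ViRobot 2010.4.15.2278 2010.04.15 - "
    "VirusBuster 5.0.27.0 2010.04.15 Trojan.Codecpack.Gen.4"
)

# Constructed sample: the Dr.Web CureIt excerpt from the post. The log is
# German; ">>>path infiziert mit NAME" is the line that names a detection.
CUREIT_SAMPLE = r"""
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua - Archiv enthält infizierte Objekte - verschoben
"""


@dataclass
class VTRow:
    engine: str
    version: str
    updated: str
    result: str

    @property
    def detected(self) -> bool:
        # VirusTotal prints "-" for engines that reported nothing.
        return self.result != "-"


# One row = engine, version, update date (YYYY.MM.DD), then a free-text result
# that runs up to the next "engine version date" triple or the end of input.
# The result cannot be split on whitespace ("Suspicious file", "a variant of
# ..."), so a lookahead for the next triple ends it instead.
_DATE = r"\d{4}\.\d{2}\.\d{2}"
_ROW = re.compile(
    r"(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>" + _DATE + r")\s+"
    r"(?P<result>.*?)"
    r"(?=\s+\S+\s+\S+\s+" + _DATE + r"(?:\s|$)|\s*$)"
)


def parse_virustotal(flat: str) -> List[VTRow]:
    """Recover engine rows from a flattened VirusTotal result table."""
    return [VTRow(m["engine"], m["version"], m["updated"], m["result"])
            for m in _ROW.finditer(flat.strip())]


def detections(rows: List[VTRow]) -> List[VTRow]:
    """Only the engines that returned a verdict."""
    return [r for r in rows if r.detected]


_CUREIT_HIT = re.compile(r"^>+(?P<path>.+?) infiziert mit (?P<name>\S+)\s*$", re.M)


def cureit_findings(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, detection name) for every 'infiziert mit' line."""
    return [(m["path"], m["name"]) for m in _CUREIT_HIT.finditer(log_text)]


if __name__ == "__main__":
    rows = parse_virustotal(VT_SAMPLE)
    hits = detections(rows)
    print(f"{len(hits)}/{len(rows)} engines flagged the file")
    for r in hits:
        print(f"  {r.engine:<12} {r.result}")
    for path, name in cureit_findings(CUREIT_SAMPLE):
        print(f"CureIt: {name} in {path}")
```

A real CureIt.log (several megabytes, as the helper notes) is handled the same way: read it with errors="replace", since these logs are not always UTF-8, and pass the text to cureit_findings(). The "Suspicious file" and "High Risk Cloaked Malware" rows are why the result column is matched up to the next engine/version/date triple rather than split on spaces.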
15.04.2010, 18:54 | #6 |
Hi,

Code:
:OTL
[2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\Windows\Slomaa.exe
:Commands
[emptytemp]
[Reboot]

Superantispyware: instructions & download here: http://www.trojaner-board.de/51871-a...tispyware.html
It looks as though one of the pieces of software you installed is the carrier of the infection... chris
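The helper singled out C:\Windows\Slomaa.exe, a binary sitting directly in the Windows directory, and the first post's process list also shows C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe running from a Temp folder. As an added example that is not part of the thread and not OTL's or HijackThis's own code, here is that location triage written down as a small Python check, plus a consistency check that the file the OTL script targets (158,720 bytes in the OTL entry) has the same size VirusTotal reported for the uploaded sample. The process paths are taken from the first post's HijackThis log; the System32 entry is a hypothetical control case I added, and all function names are mine.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample: process paths from the HijackThis "Running processes"
# section of the first post. The System32 entry is a hypothetical control
# case that does not appear in the post.
RUNNING_PROCESSES = [
    r"C:\Windows\Slomaa.exe",
    r"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe",
    r"C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe",
    r"C:\Program Files (x86)\Winamp\winamp.exe",
    r"C:\Windows\System32\lsass.exe",
]

# The OTL file entry from the fix script in this post and the size VirusTotal
# reported for the uploaded sample, both taken from the thread.
OTL_LINE = r"[2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\Windows\Slomaa.exe"
VT_REPORTED_SIZE = 158720

# OTL file entries look like:
#   [date time | size | attributes | C(reated)/M(odified)] (company) -- path
_OTL_FILE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


def parse_otl_file_line(line: str) -> Tuple[str, int, str]:
    """Return (timestamp, size in bytes, path) from one OTL file entry."""
    m = _OTL_FILE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTL file entry: {line!r}")
    return m["ts"], int(m["size"].replace(",", "")), m["path"]


def size_consistent(otl_line: str, reported_size: int) -> bool:
    """True if the file OTL lists has the size the scan report gave for the sample."""
    return parse_otl_file_line(otl_line)[1] == reported_size


_EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com")


def location_reason(path: str) -> Optional[str]:
    """Why a binary's location deserves a closer look, or None if unremarkable."""
    if not path.lower().endswith(_EXEC_SUFFIXES):
        return None
    # ntpath handles Windows paths correctly even when this runs on Linux.
    parent = ntpath.dirname(path).replace("/", "\\").lower()
    parts = parent.split("\\")
    if "temp" in parts or "tmp" in parts:
        return "executable running from a Temp directory"
    if len(parts) == 2 and parts[1] == "windows":
        return "executable directly in the Windows directory rather than System32/SysWOW64"
    return None


def triage(paths: List[str]) -> List[Tuple[str, str]]:
    """Keep only the paths that trigger one of the location heuristics."""
    flagged = []
    for p in paths:
        reason = location_reason(p)
        if reason:
            flagged.append((p, reason))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(RUNNING_PROCESSES):
        print(f"{path}: {reason}")
    ts, size, path = parse_otl_file_line(OTL_LINE)
    print(f"OTL entry: {path} ({size} bytes, created {ts}); "
          f"matches VirusTotal size: {size_consistent(OTL_LINE, VT_REPORTED_SIZE)}")
```

A location heuristic like this only says where to look first; it is not a verdict. In this thread the verdict came from the VirusTotal submission and the CureIt scan, and the size match is the cheap check that the file OTL removes is the one that was actually scanned.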