
Log analysis and evaluation: sdra64.exe ++

28.04.2010, 20:33   #1
silxc

sdra64.exe ++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:37, on 29.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WZShutdown\P_zero.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOKUME~1\TISCHL~1\LOKALE~1\Temp\smss.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\Fdotoa.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\ep8h80ikt.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ep8h80ikt.dll
O4 - HKLM\..\Run: [WZShutdown] C:\WZShutdown\P_zero.exe -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-790525478-1580436667-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Besitzer')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ep8h80ikt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe

--
End of file - 4334 bytes

FLr has added itself to autostart; it seems to be a backdoor trojan

28.04.2010, 20:51   #2
Chris4You

Hi,

before I go overboard:


Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread

chris
For me:
O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ep8h80ikt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\ep8h80ikt.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ep8h80ikt.dll
C:\DOKUME~1\TISCHL~1\LOKALE~1\Temp\smss.exe
C:\WINDOWS\Fdotoa.exe

29.04.2010, 00:39   #3
silxc

Hello, thanks for the quick reply.
mbam-log ->
Quote:
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Programme\Trend Micro\HijackThis\backups\backup-20100429-211749-343.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Programme\Trend Micro\HijackThis\backups\backup-20100429-211806-463.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Programme\Trend Micro\HijackThis\backups\backup-20100429-212156-904.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\drmva.sys (Rootkit.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Temp\opj79t4.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Temp\wlzd6.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Temp\sbqhgt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Temp\fsboz63x.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
extras log ->
Quote:
OTL Extras logfile created on: 30.4.2010 01:13:34 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Tischle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 19,58 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Tischle-30E793DBB
Current User Name: Tischle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56458:TCP" = 56458:TCP:*:Enabled:Pando Media Booster
"56458:UDP" = 56458:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56458:TCP" = 56458:TCP:*:Enabled:Pando Media Booster
"56458:UDP" = 56458:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Neuer Ordner (5)\qip.exe" = C:\Neuer Ordner (5)\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Xampp\xampp\apache\bin\httpd.exe" = C:\Xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Xampp\xampp\mysql\bin\mysqld.exe" = C:\Xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- File not found
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- File not found
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()


========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8.3.2010 19:11:08 | Computer Name = Tischle-30E793DBB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 10.10.1893.0, fehlgeschlagenes
Modul npswf32.dll, Version 10.0.45.2, Fehleradresse 0x00230bd1.

Error - 19.3.2010 23:23:52 | Computer Name = Tischle-30E793DBB | Source = MsiInstaller | ID = 10005
Description = Produkt: Burnout(TM) Paradise The Ultimate Box -- Unerwarteter Fehler
bei der Installation dieses Pakets. Möglicherweise liegt ein Problem mit diesem
Paket vor. Der Fehlercode lautet 2318. The arguments are: C:\Programme\Electronic
Arts\Burnout(TM) Paradise The Ultimate Box\SOUND\STREAMS\ONLINEVO_11M_DE.SNS, ,


Error - 31.3.2010 18:58:46 | Computer Name = Tischle-30E793DBB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung photoshop.exe, Version 10.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x65637275.

Error - 1.4.2010 18:08:45 | Computer Name = Tischle-30E793DBB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung leocad.exe, Version 1.0.0.1, fehlgeschlagenes
Modul leocad.exe, Version 1.0.0.1, Fehleradresse 0x0003f63d.

[ System Events ]
Error - 29.4.2010 16:13:22 | Computer Name = Tischle-30E793DBB | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 29.4.2010 16:13:25 | Computer Name = Tischle-30E793DBB | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 29.4.2010 16:14:49 | Computer Name = Tischle-30E793DBB | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 29.4.2010 16:14:49 | Computer Name = Tischle-30E793DBB | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 29.4.2010 16:14:49 | Computer Name = Tischle-30E793DBB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 29.4.2010 17:12:55 | Computer Name = Tischle-30E793DBB | Source = System Error | ID = 1003
Description = Fehlercode 0000000a, 1. Parameter 7b007a54, 2. Parameter 0000001c,
3. Parameter 00000001, 4. Parameter 80502cca.

Error - 29.4.2010 18:48:06 | Computer Name = Tischle-30E793DBB | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 29.4.2010 18:48:06 | Computer Name = Tischle-30E793DBB | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 29.4.2010 18:48:06 | Computer Name = Tischle-30E793DBB | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 29.4.2010 18:48:16 | Computer Name = Tischle-30E793DBB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058


< End of report >
OTL log ->
Quote:
OTL logfile created on: 30.4.2010 01:13:34 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Tischle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 19,58 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Tischle-30E793DBB
Current User Name: Tischle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Tischle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\QIP\qip.exe (The Author of QIP)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WZShutdown\P_zero.exe (www.elligs.net)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Tischle\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (PSSDK42) -- C:\WINDOWS\system32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (cmipci) -- C:\WINDOWS\system32\drivers\cmipci.sys (Dogbert)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.15 15:15:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.15 15:15:48 | 000,000,000 | ---D | M]

[2009.02.10 22:37:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Mozilla\Extensions
[2010.04.25 12:55:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Mozilla\Firefox\Profiles\w9cm8f5u.default\extensions
[2009.09.05 21:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Mozilla\Firefox\Profiles\w9cm8f5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.25 12:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Mozilla\Firefox\Profiles\w9cm8f5u.default\extensions\toolbar@ask.com
[2010.04.25 12:55:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 12:16:47 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009.08.19 03:02:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.19 03:02:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.19 03:02:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.19 03:02:43 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.19 03:02:43 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.06 00:36:11 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link AirPlus G DWL-G510] C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [WZShutdown] C:\WZShutdown\P_zero.exe (www.elligs.net)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.06 15:19:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c73547d4-025f-11de-86ed-0015000400dc}\Shell - "" = AutoRun
O33 - MountPoints2\{c73547d4-025f-11de-86ed-0015000400dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c73547d4-025f-11de-86ed-0015000400dc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.30 00:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Desktop\Neuer Ordner
[2010.04.29 23:17:48 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.29 23:17:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.29 23:15:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Malwarebytes
[2010.04.29 23:15:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 23:15:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\mbam-installer
[2010.04.29 23:15:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.29 23:14:41 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tischle\Desktop\OTL.exe
[2010.04.29 22:52:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.29 21:43:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Avira
[2010.04.29 21:30:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.29 21:30:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.29 21:30:02 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.04.29 21:30:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.29 21:30:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.29 21:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.29 21:30:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.29 17:02:08 | 000,610,304 | ---- | C] (Speed Guide Inc.) -- C:\TCPOptimizer.exe
[2010.04.29 15:53:01 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010.04.29 15:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Locktime
[2010.04.29 15:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Locktime
[2010.04.28 23:41:47 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2010.04.28 23:41:47 | 000,667,648 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2010.04.28 23:41:47 | 000,249,856 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2010.04.28 23:41:47 | 000,225,280 | ---- | C] (ANI ) -- C:\WINDOWS\System32\WlanApp.dll
[2010.04.28 23:41:47 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2010.04.28 23:41:47 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2010.04.28 23:41:47 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2010.04.28 23:41:35 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2010.04.28 23:41:35 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2010.04.28 23:41:34 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2010.04.28 23:41:34 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2010.04.28 23:41:34 | 000,000,000 | ---D | C] -- C:\Programme\ANI
[2010.04.28 23:41:23 | 000,000,000 | ---D | C] -- C:\Programme\D-Link
[2010.04.28 13:41:58 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.04.28 13:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.04.26 17:23:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Desktop\VIdeo
[2010.04.25 14:11:24 | 000,118,272 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\SX5363S.DLL
[2010.04.25 14:11:24 | 000,102,400 | ---- | C] (RADVision) -- C:\WINDOWS\System32\RV32RTP.dll
[2010.04.23 13:44:09 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2010.04.21 21:33:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Eigene Dateien\My Games
[2010.04.21 21:04:32 | 000,020,968 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010.04.21 21:04:32 | 000,000,000 | ---D | C] -- C:\Programme\CPUID
[2010.04.21 20:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010.04.21 20:13:32 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010.04.21 20:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.04.21 20:13:26 | 000,000,000 | ---D | C] -- C:\Intel
[2010.04.21 20:08:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010.04.21 20:08:28 | 001,822,720 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010.04.21 20:08:28 | 000,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2010.04.21 20:08:27 | 009,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2010.04.21 20:08:27 | 004,395,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010.04.21 20:08:27 | 001,191,936 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010.04.21 20:08:27 | 000,282,624 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2010.04.21 20:08:25 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010.04.21 20:08:25 | 002,157,568 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010.04.21 20:08:25 | 000,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2010.04.21 20:08:25 | 000,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010.04.21 20:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.04.21 20:08:20 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010.04.21 20:08:20 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2010.04.21 17:53:32 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2010.04.21 17:53:18 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2010.04.21 17:53:18 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2010.04.21 17:53:16 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2010.04.21 17:53:16 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2010.04.21 17:53:16 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2010.04.14 12:46:01 | 000,000,000 | ---D | C] -- C:\Programme\Infogrames
[2010.04.10 06:29:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2010.04.10 01:07:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.04.10 01:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Eigene Dateien\TrackMania
[2010.04.10 00:58:34 | 000,000,000 | ---D | C] -- C:\Programme\TmNationsForever
[2010.04.09 00:35:46 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Tischle\UserData
[2010.04.09 00:35:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire
[2010.04.09 00:35:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tischle\Anwendungsdaten\Xfire
[2010.04.09 00:34:59 | 000,000,000 | ---D | C] -- C:\Programme\Xfire
[2010.04.02 20:51:25 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.04.02 20:50:46 | 000,000,000 | ---D | C] -- C:\LDraw
[2010.04.02 00:05:21 | 000,000,000 | ---D | C] -- C:\Programme\LeoCAD
[2010.04.01 23:17:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.04.01 17:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.03.31 17:23:38 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.30 01:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.30 00:48:24 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1EC353DC-76D2-415E-838B-BD03C9191616}
[2010.04.30 00:47:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.30 00:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.30 00:46:29 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\Tischle\NTUSER.DAT
[2010.04.30 00:46:29 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Tischle\ntuser.ini
[2010.04.29 23:17:52 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.29 23:14:45 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tischle\Desktop\OTL.exe
[2010.04.29 23:13:39 | 001,042,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.29 23:13:39 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.29 23:13:39 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.29 23:13:39 | 000,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.29 23:13:39 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.29 23:12:29 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010.04.29 22:15:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 21:50:04 | 3488,657,408 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.04.29 21:37:48 | 000,000,265 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.04.29 21:35:56 | 000,000,810 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.29 21:35:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.29 21:35:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.04.29 21:30:14 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 21:11:33 | 000,161,280 | ---- | M] () -- C:\WINDOWS\Fdotoa.exe
[2010.04.29 17:03:24 | 000,002,745 | ---- | M] () -- C:\sg_backup_2010-04-29-1703.spg
[2010.04.29 17:03:24 | 000,002,745 | ---- | M] () -- C:\FirstBackup.spg
[2010.04.29 17:02:22 | 000,610,304 | ---- | M] (Speed Guide Inc.) -- C:\TCPOptimizer.exe
[2010.04.29 16:19:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.04.29 15:53:01 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010.04.28 23:42:37 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{1EC353DC-76D2-415E-838B-BD03C9191616}
[2010.04.28 23:42:02 | 000,001,649 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\D-Link AirPlus Utility.lnk
[2010.04.28 23:39:24 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{C37E1AA8-CD1F-4C9B-82A0-5B726943B887}
[2010.04.28 23:38:05 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{C37E1AA8-CD1F-4C9B-82A0-5B726943B887}
[2010.04.28 13:53:17 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.04.28 13:42:01 | 000,000,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\Spybot - Search & Destroy.lnk
[2010.04.27 13:59:11 | 002,197,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.27 02:45:20 | 000,072,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.26 17:51:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.04.26 17:51:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.04.26 17:24:44 | 000,027,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.25 00:13:43 | 002,115,948 | -H-- | M] () -- C:\Dokumente und Einstellungen\Tischle\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.23 09:34:12 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{2E84C127-BE83-4855-AC0C-5F6CFE3EECB1}
[2010.04.21 21:29:55 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.04.21 21:29:55 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.04.21 20:17:20 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010.04.21 20:17:20 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010.04.21 20:13:18 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2010.04.21 20:08:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2010.04.19 17:31:45 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{073473D6-3491-4A52-A627-4532F2E21674}
[2010.04.18 18:25:17 | 000,962,254 | ---- | M] () -- C:\Ebene.1Farbe.bmp
[2010.04.16 22:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.15 07:32:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.13 08:13:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.04.10 01:03:54 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TmNationsForever.lnk
[2010.04.09 00:35:01 | 000,000,615 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.04.02 20:51:26 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\LDview.lnk
[2010.04.02 20:51:26 | 000,000,644 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\MLCad.lnk
[2010.04.02 20:50:19 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.04.02 18:51:04 | 000,008,068 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\1072058784b59d830c1024.dlc
[2010.03.31 17:23:48 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\JDownloader.lnk
[2010.03.31 17:14:32 | 000,006,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\818137364ae0b0dd0a839.dlc
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.29 23:17:52 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.29 21:30:14 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 21:11:36 | 000,161,280 | ---- | C] () -- C:\WINDOWS\Fdotoa.exe
[2010.04.29 17:03:24 | 000,002,745 | ---- | C] () -- C:\sg_backup_2010-04-29-1703.spg
[2010.04.29 17:03:24 | 000,002,745 | ---- | C] () -- C:\FirstBackup.spg
[2010.04.29 15:53:01 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.04.28 23:42:37 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{1EC353DC-76D2-415E-838B-BD03C9191616}
[2010.04.28 23:42:02 | 000,001,649 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\D-Link AirPlus Utility.lnk
[2010.04.28 23:41:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1EC353DC-76D2-415E-838B-BD03C9191616}
[2010.04.28 23:41:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010.04.28 23:41:35 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2010.04.28 23:41:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
[2010.04.28 23:41:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
[2010.04.28 23:41:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
[2010.04.28 13:42:01 | 000,000,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\Spybot - Search & Destroy.lnk
[2010.04.26 17:51:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.04.26 17:51:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.04.25 14:11:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini
[2010.04.23 09:49:10 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{C37E1AA8-CD1F-4C9B-82A0-5B726943B887}
[2010.04.23 09:45:45 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{C37E1AA8-CD1F-4C9B-82A0-5B726943B887}
[2010.04.21 21:04:28 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.21 20:20:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.04.21 20:17:20 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010.04.21 20:17:20 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010.04.21 20:13:18 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010.04.21 20:08:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.04.21 19:47:16 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{2E84C127-BE83-4855-AC0C-5F6CFE3EECB1}
[2010.04.18 18:25:17 | 000,962,254 | ---- | C] () -- C:\Ebene.1Farbe.bmp
[2010.04.16 22:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.10 01:03:54 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TmNationsForever.lnk
[2010.04.09 00:35:01 | 000,000,615 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.04.02 20:51:26 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\LDview.lnk
[2010.04.02 20:51:26 | 000,000,644 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\MLCad.lnk
[2010.04.02 18:50:58 | 000,008,068 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\1072058784b59d830c1024.dlc
[2010.03.31 17:23:48 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\JDownloader.lnk
[2010.03.31 17:14:32 | 000,006,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Tischle\Desktop\818137364ae0b0dd0a839.dlc
[2010.03.10 02:33:08 | 000,001,445 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.03.02 14:50:20 | 003,237,376 | ---- | C] () -- C:\WINDOWS\System32\frysdk32.dll
[2009.12.14 07:03:43 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.11.01 16:07:34 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009.11.01 16:07:06 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009.11.01 16:07:05 | 000,002,421 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2009.10.25 02:17:32 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009.10.25 02:17:32 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.10.25 02:17:31 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.10.25 02:17:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.10.25 02:17:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.10.25 02:17:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.10.25 02:17:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.10.25 02:17:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.10.25 02:17:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.10.25 02:17:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.10.22 21:06:52 | 000,000,265 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.10.20 00:16:13 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2009.09.11 12:43:25 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\E3CB24DCAF.dll
[2009.09.01 14:31:28 | 000,000,237 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.09.01 14:27:31 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.14 18:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.04.26 16:05:39 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009.04.26 16:05:39 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009.02.06 22:40:30 | 000,002,162 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009.02.06 20:33:23 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009.02.06 18:49:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.02.06 18:49:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.02.06 18:49:07 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.02.06 18:49:06 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.02.06 18:49:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.06 18:18:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009.02.06 18:14:30 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2009.02.06 17:54:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.03.24 16:24:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007.01.10 09:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006.09.19 06:22:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\LPubRay.dll
[2006.09.09 17:28:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >

29.04.2010, 08:08   #4
Chris4You
 

Hi,

Update Java!

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and select the following file(s):
Code:
C:\WINDOWS\Fdotoa.exe
C:\WINDOWS\System32\JJAKEn.dll
C:\WINDOWS\System32\ANIO.VXD
C:\WINDOWS\System32\frysdk32.dll
C:\WINDOWS\System32\E3CB24DCAF.dll
         
  • Now upload each file one after the other and wait until the scan has finished (this can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the hash!

GMER:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there, click
the "Download EXE" button. A random file name is generated (please note it and the path where you saved the file).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "Rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When the scan has finished, choose Copy and paste the report.

chris

29.04.2010, 15:14   #5
silxc
 

Fdotoa.exe
Quote:
AhnLab-V3 2010.04.29.05 2010.04.29 -
AntiVir 8.2.1.224 2010.04.29 TR/Dldr.Zlob.cbf
Antiy-AVL 2.0.3.7 2010.04.29 -
Authentium 5.2.0.5 2010.04.29 -
Avast 4.8.1351.0 2010.04.29 Win32:Fraudo
Avast5 5.0.332.0 2010.04.29 Win32:Fraudo
AVG 9.0.0.787 2010.04.29 Fake_AntiSpyware.FAH
BitDefender 7.2 2010.04.29 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.04.29 -
Comodo 4710 2010.04.29 -
DrWeb 5.0.2.03300 2010.04.29 Trojan.DownLoad1.55745
eSafe 7.0.17.0 2010.04.29 -
eTrust-Vet 35.2.7457 2010.04.29 -
F-Prot 4.5.1.85 2010.04.29 -
F-Secure 9.0.15370.0 2010.04.29 Suspicious:W32/Malware!Gemini
Fortinet 4.0.14.0 2010.04.27 -
GData 21 2010.04.29 Win32:Fraudo
Ikarus T3.1.1.80.0 2010.04.29 -
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.04.29 -
McAfee 5.400.0.1158 2010.04.29 -
McAfee-GW-Edition 6.8.5 2010.04.29 Trojan.Dldr.Zlob.cbf
Microsoft 1.5703 2010.04.29 -
NOD32 5072 2010.04.29 a variant of Win32/Kryptik.EAE
Norman 6.04.12 2010.04.29 -
nProtect 2010-04-29.01 2010.04.29 -
Panda 10.0.2.7 2010.04.28 Suspicious file
PCTools 7.0.3.5 2010.04.29 -
Prevx 3.0 2010.04.29 High Risk Cloaked Malware
Rising 22.45.03.03 2010.04.29 -
Sophos 4.53.0 2010.04.29 Mal/FakeAV-CX
Sunbelt 6235 2010.04.28 VirTool.Win32.Obfuscator.hg!b (v)
Symantec 20091.2.0.41 2010.04.29 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.272 2010.04.29 -
TrendMicro 9.120.0.1004 2010.04.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.29 -
VBA32 3.12.12.4 2010.04.29 -
ViRobot 2010.4.27.2295 2010.04.28 -
VirusBuster 5.0.27.0 2010.04.29 Trojan.Codecpack.Gen.4
weitere Informationen
File size: 161280 bytes
MD5...: f85319ea9a81489f7325270056d52d1f
SHA1..: 9bdf20ff86b6a1301c7c4cfa328bfc9a6cbf2607
SHA256: 3199587107b162c52b2ba26702aacf664b895f2e5b07510bbd07179758f475e6
ssdeep: 3072:BHIrYiqLXZIbzMpDvz+uDpDshuddm8cvTVJliG:+MLRDvROunNCVri
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c7e
timedatestamp.....: 0x4a8df018 (Fri Aug 21 00:53:44 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8a4e 0x8c00 6.00 68e84b116182ff38e5ab79f7620a5247
.rdata 0xa000 0x1d449 0x1d600 7.44 d1b6c195b511cd0080347350f65135a2
.init 0x28000 0xb7 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
DATA 0x29000 0x1b456 0x600 0.00 53e979547d8c2ea86560ac45de08ae25
.edata 0x45000 0x466 0x600 0.25 92b89d40966b0cd999fa5a64a79f35d5

( 7 imports )
> kernel32.dll: lstrcpynA, SetHandleCount, LockResource, GetACP, RaiseException, GetCurrentProcessId, SetLastError, DeleteFileA, EnterCriticalSection, GetCPInfo, GetFileType, SetFilePointer, CloseHandle, FreeLibrary, LocalReAlloc, GetStartupInfoA, GetFileSize, lstrlenA, LoadLibraryExA, GetStringTypeA, VirtualFree, GetSystemDefaultLangID, CreateFileA, lstrcatA, FindResourceA, GetDateFormatA, GetVersionExA, HeapDestroy, VirtualQuery, LocalFree, GetCurrentThreadId, GlobalAddAtomA, GetUserDefaultLCID, GetVersion, GetTickCount, GetFullPathNameA, CreateEventA, WaitForSingleObject, GetProcessHeap, VirtualAlloc, WriteFile, DeleteCriticalSection, GetLastError, MoveFileA, ResetEvent, GetOEMCP, GetLocaleInfoA, GetStringTypeW, lstrcmpA, GetDiskFreeSpaceA, WideCharToMultiByte, GetModuleFileNameA, MoveFileExA, lstrcmpiA, lstrcpyA, GetModuleHandleA, FreeResource, LoadResource, HeapFree, GlobalDeleteAtom, LoadLibraryA, CompareStringA, GlobalFindAtomA, ReadFile, Sleep
> msvcrt.dll: asin, memcpy, strcmp, calloc
> oleaut32.dll: VariantChangeType, RegisterTypeLib, GetErrorInfo, SafeArrayUnaccessData, OleLoadPicture, VariantCopyInd
> version.dll: VerQueryValueA, VerInstallFileA, GetFileVersionInfoA
> COMDLG32.DLL: ChooseColorA
> user32.dll: GetIconInfo, DrawFrameControl, DrawIconEx, GetClipboardData, GetClientRect, GetScrollInfo, GetForegroundWindow, GetFocus, GetClassLongA, GetSysColorBrush, BeginDeferWindowPos, DeferWindowPos, GetMenuItemCount, IsChild, GetDCEx, HideCaret, EnumWindows, DispatchMessageA, GetCursor, GetClassInfoA, CreatePopupMenu, CharNextA, GetDC, GetKeyNameTextA, MessageBoxA, GetCursorPos, GetCapture, CallWindowProcA, GetDesktopWindow, GetDlgItem, GetActiveWindow
> OLE32.DLL: OleCreateStaticFromData, CLSIDFromProgID, CoReleaseMarshalData

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=9BA8ACD2002995D7766902E828089300148B6AF0
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
JJaken.dll
Quote:
MD5: b9fecd748f2d0096bcf1da11579eba13
First received: 2007.02.15 18:09:47 UTC
Datum 2010.03.23 19:33:25 UTC [>36D]
Ergebnisse 0/42
ANIO.vxd
Quote:
0/41
File size: 16997 bytes
MD5...: ee2e0325a6053991c0d2c117841e4b38
SHA1..: 848452dd59df01a9ae5029f719928d418d64bf63
SHA256: 8f8d9fb4131335b78a6c43bb32b574d4381b87562316442a6fbe5dfcca336648
ssdeep: 192:FXWNN6KEj5o4YV2dYk8InpG+HlZtY7dOT0j3wB8YUfEYGtlzd6pGIIP:FXWN
N6x+rV2KO7HlZOpOT8YUfE3spS
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
frysdk32.dll
Quote:
0/41
File size: 3237376 bytes
MD5...: c9fc164155fabb4cd60b9b8d0ddb4557
SHA1..: fdd7997db29083869efe27eaa5ddbef117130eb5
SHA256: a6264c48e97068e90ec5dd929e09019f0a3c2205afa4b1a46e0901678be3f05c
ssdeep: 49152:l/UktC5yzL7vGyPaFZI+IZDGlj1BIbCTxxe9pXLf2N9h:l/UkYI7vGyPGI
JG11TMbLf2N
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12246c
timedatestamp.....: 0x49c513e4 (Sat Mar 21 16:20:52 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14aeab 0x14b000 6.52 48473c4ab4a56508ab94e7a8c8f7ecf0
.text1 0x14c000 0x5110 0x5200 5.61 4347b17bfe1e66b49615a9b9b6a6d705
.rdata 0x152000 0x48b84 0x48c00 5.47 a7abf295df6285837ddb60b2ef9756c6
.data 0x19b000 0x19935c 0x150000 6.90 800aedcf817dd96b5dc239df0da67d3c
.data1 0x335000 0x14cc8 0x14e00 3.51 39f2d49fe632180806512c2ea2876f15
.trace 0x34a000 0x4398 0x4400 5.92 b430d8f21f5ec2d76152bd5a8fa1dd99
.reloc 0x34f000 0x1400e 0x14200 5.78 6c99d0bb3479c3c361ad93982e4f1f58

( 7 imports )
> KERNEL32.dll: DeleteFileA, QueryPerformanceCounter, GetTickCount, Sleep, SetThreadAffinityMask, GetCurrentThread, GetProcessAffinityMask, GetCurrentProcess, GetProcAddress, GetModuleHandleA, GetCommandLineA, GetModuleFileNameA, GetTempPathA, FindClose, FindNextFileA, FindFirstFileA, MultiByteToWideChar, WaitForSingleObject, CreateThread, GlobalUnlock, GlobalLock, GlobalAlloc, GlobalSize, GlobalFree, InterlockedDecrement, InterlockedIncrement, CloseHandle, CreateMutexA, ReleaseMutex, ReadFile, WriteFile, SetFilePointer, GetFileSize, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, CreateFileA, LocalFree, LocalAlloc, lstrlenA, FormatMessageA, LoadLibraryA, GetThreadLocale, RtlUnwind, GetCurrentDirectoryA, GetLastError, HeapFree, GetCurrentThreadId, HeapReAlloc, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, GetModuleHandleW, ExitProcess, EnterCriticalSection, LeaveCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, DeleteCriticalSection, VirtualFree, VirtualAlloc, HeapCreate, HeapDestroy, GetStdHandle, SetHandleCount, GetFileType, GetStartupInfoA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, GetCurrentProcessId, GetSystemTimeAsFileTime, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, SetCurrentDirectoryA, SetStdHandle, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetEndOfFile, GetProcessHeap, HeapAlloc, GetLocaleInfoA
> USER32.dll: GetClientRect, EndPaint, BeginPaint, SetWindowLongA, GetWindowLongA, DefWindowProcA, SendMessageA, GetDlgItem, KillTimer, SetTimer, GetParent, GetWindowTextA, SetWindowTextA, SetWindowPos, MoveWindow, IsWindow, ShowWindow, EnableWindow, IsWindowEnabled, GetWindowRect, SetRect, GetSystemMetrics, DestroyWindow, MapWindowPoints, CreateDialogIndirectParamA, CreateWindowExA, RegisterClassA, LoadCursorA, GetClassInfoA, InvalidateRect, ReleaseCapture, SetCapture, InflateRect, GetKeyState, ScreenToClient, ReleaseDC, GetDC, FillRect, SetCursorPos, DestroyCursor, OffsetRect, IsRectEmpty, GetFocus, wvsprintfA, wsprintfA, MessageBoxA, EndDialog, GetCursorPos, PtInRect, WindowFromPoint, SetCursor, SetFocus, DialogBoxIndirectParamA
> GDI32.dll: CreateFontA, CreateSolidBrush, DeleteObject, SetBkMode, SetTextAlign, TextOutA, SetStretchBltMode, StretchDIBits, SelectObject, GetTextExtentPoint32A, CreateRectRgn, SelectClipRgn, SetTextColor, SetBkColor
> COMDLG32.dll: GetSaveFileNameA, GetOpenFileNameA
> ADVAPI32.dll: RegSetValueA, RegQueryValueA
> SHELL32.dll: SHCreateDirectoryExA, SHBrowseForFolderA, ShellExecuteA, SHGetMalloc, SHGetPathFromIDListA
> ole32.dll: RevokeDragDrop, RegisterDragDrop, DoDragDrop, ReleaseStgMedium

( 295 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
E3CB24DCAF.dll
Quote:
0/41
File size: 80 bytes
MD5...: f34913baa1bf42f48165508a848e7307
SHA1..: ad8784e2da19cfbb7e1f35897b13961fd6a96239
SHA256: 085f99ec61364b5cbb6b2dcc4d153be6f8bb3eb3419e001a3ea8cdda926431f5
ssdeep: 3:sl1n79D/XtlhUr4xqlchY7Ln:Et79DA6Un
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


29.04.2010, 20:43   #6
Chris4You
 

Hi,
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire content of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:OTL

[2010.04.29 21:11:36 | 000,161,280 | ---- | C] () -- C:\WINDOWS\Fdotoa.exe

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Also post the GMER log...

chris