Pests of all kinds and how to fight them: Antispywaresoft (Windows 7)
07.06.2010, 08:42 | #1
Antispywaresoft

Hello dear community,

yesterday, for the first time, I caught something really nasty on my computer. It's this Antispywaresoft malware, which is meant to scare you into believing the PC is infected so that you buy their product. I hope a thread of my own isn't fundamentally wrong; there are already some, but they are mostly individual cases. I've also read up here in the forum and on Google!

Yesterday I was looking at pictures on Google Images when AntiVir suddenly gave me a warning; I always clicked Quarantine and Delete, but I must somehow have ended up on the picture. Result: the PC was infected, I couldn't start any programs, the Internet etc. any more, and was immediately redirected to their site. I then started in Safe Mode with Networking and downloaded the following:

1. Spyware Doctor
2. Malwarebytes
3. Spysweeper
4. Hijack

The problem with Spyware Doctor and Spysweeper is that without actually buying them you have no option to delete, only to scan. Since I don't have a Visa card and that is the only payment option they accept, I can't buy them.

I have to say right up front that when it comes to viruses etc. I'm a real beginner, so please bear that in mind in your answers and be patient if I don't understand everything straight away!

On the first run Spyware Doctor found about 609 infected files; I think around 200 or so were Trojans/malware named Antispysoft. I couldn't delete anything, but by clicking some button the Internet worked again. Malwarebytes found about 38 infected locations/files in the first quick run, which I then deleted. After that Spyware Doctor no longer found 609 files, only 416! These 416 files are Adware.Advertising & Application.Tracking; here I have no idea whether they are dangerous, since cookies from Philips, Counter-Strike and entire game files are counted among them! AntiVir, at any rate, no longer reports any viruses!

When I look at the registry entries on your site and search for the files and keys in Regedit on my machine, none are there, so apparently Malwarebytes has already deleted a few of the right ones! I'll post pictures, logfiles etc. here.

I now have a few basic questions.

1. I know that the safest method is to reinstall the system (I use Win 7 Home Premium 64-bit and IE8); I would consider that as a last resort, but if you can't get everything off, what do the programs do in the background? Do they just come back, or do they do much worse things without my knowing, and suddenly I've bought things somewhere that I know nothing about, just as an example?
2. Can I still trust AntiVir? Sure, it warned me, but on the current scan it finds nothing, while Spyware Doctor still finds almost 400 infections?!
3. After I've run everything through again, I wanted to delete the temporary files from C; that's supposed to be quite good, according to Google. Then I wanted to restart the system and do a System Restore to before the infection; is that advisable?
4. Is it enough if I have C scanned? I have 3 hard drives; D only has games and programs, E only films and series! Everything to do with Windows, the graphics card, basically the primary system, is on C?!

Here are the first pictures; AntiVir and Spysweeper are still running!

Malwarebytes with C scan
Spyware Doctor overview (416 files)
Spyware Doctor individual files
Hijack
Hijack Editor

As I said, AntiVir and Spysweeper are still running; I hope I've done everything right and you can make use of it.

Thanks in advance for your help.
Regards, Cole

Addendum: SpySweeper
The 2 topmost findings in Spysweeper come from a key generator, so they should be irrelevant, at least I think so.
AntiVir

Last edited by Coletrickle (07.06.2010 at 09:20)
07.06.2010, 09:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Antispywaresoft
Hello and

As a rule you post the logfiles themselves; taking screenshots of the logs and posting those is completely pointless, since the point is to transfer text, not pictures!
07.06.2010, 09:24 | #3
Antispywaresoft
Here is yesterday's log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4172
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.06.2010 20:17:34
mbam-log-2010-06-06 (20-17-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126531
Laufzeit: 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\Philipp Rosche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsxyvpuk (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Philipp Rosche\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Philipp Rosche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\Temp\0.23518126501757064.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\Temp\0.34140762346192677.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\Temp\0.7932488591360031.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\orrhshldo\elerhmqtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Philipp Rosche\AppData\Local\Temp\Xdw.exe (Trojan.FakeAlert) -> Delete on reboot.

Here is today's:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4172
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.06.2010 09:04:44
mbam-log-2010-06-07 (09-04-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 231508
Laufzeit: 37 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
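As an added example (not code from this thread, from Malwarebytes or from the forum helpers): a small Python parser for the Malwarebytes' Anti-Malware 1.46 log format posted above. It checks that the summary counts agree with the listed entries, groups the unique detections by the autostart mechanism their location implies (Startup folder, HKCU Run value, Task Scheduler job, Temp dropper), and lists anything still marked "Delete on reboot", which is the reason a clean rescan only counts after a restart. The sample log is constructed from a subset of the entries above with the Windows user name replaced by the placeholder "user"; the category names are mine.

```python
"""Parse a Malwarebytes' Anti-Malware 1.46 text log (the format posted above)
and summarise where the detected objects were persisting."""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries from the log above, with the
# Windows user name replaced by the placeholder "user".
SAMPLE_LOG = r"""Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsxyvpuk (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Users\user\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Xdw.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# Summary line ("Infizierte Dateien: 10"), section header ("Infizierte Dateien:")
# and one detection entry ("<object> (<family>) -> <action>.").
COUNT_RE = re.compile(r"^Infizierte (?P<section>[^:]+): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^Infizierte (?P<section>[^:]+):$")
ENTRY_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_FINDINGS = "(Keine bösartigen Objekte gefunden)"

# Location patterns that imply an autostart mechanism, checked in order (my labels).
PERSISTENCE = (
    ("\\start menu\\programs\\startup\\", "startup-folder"),  # runs at every logon
    ("\\currentversion\\run\\", "run-key"),                    # HKCU Run value
    ("\\windows\\tasks\\", "scheduled-task"),                  # Task Scheduler .job
    ("\\appdata\\local\\temp\\", "temp-drop"),                 # dropped stages, no autostart
)


def parse_mbam_log(text):
    """Return {'counts': {section: n}, 'sections': {section: [entry, ...]}}."""
    counts, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if current is not None and line != NO_FINDINGS and m:
            sections[current].append(
                {"target": m["target"], "family": m["family"], "action": m["action"]})
    return {"counts": counts, "sections": sections}


def verify_counts(parsed):
    """(section, claimed, listed) for every section whose summary and detail list disagree."""
    listed = {s: len(v) for s, v in parsed["sections"].items()}
    return [(s, n, listed.get(s, 0)) for s, n in parsed["counts"].items() if listed.get(s, 0) != n]


def persistence_class(target):
    """Classify an object by the autostart mechanism its location implies."""
    t = target.lower()
    return next((cls for needle, cls in PERSISTENCE if needle in t), "other")


def persistence_report(parsed):
    """Group unique targets by class; one file may be listed as a process and as a file."""
    report, seen = defaultdict(list), set()
    for e in (e for entries in parsed["sections"].values() for e in entries):
        if e["target"].lower() not in seen:
            seen.add(e["target"].lower())
            report[persistence_class(e["target"])].append(e["target"])
    return dict(report)


def pending_on_reboot(parsed):
    """Objects not yet removed: reboot, then rescan, before trusting a clean result."""
    return [e["target"] for entries in parsed["sections"].values()
            for e in entries if e["action"] == "Delete on reboot"]
```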
07.06.2010, 10:03 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Antispywaresoft
You have now posted the logs... you selected the text and copied it into your post. Now please create logfiles with OTL.exe and post them. The logs may get quite large, so it would be good if you could zip them beforehand (both files into one ZIP file) and attach them here in your next post.

Please always post logfiles in CODE tags
07.06.2010, 10:55 | #5
Antispywaresoft

I hope I've done it right this way; as I said, the infection was yesterday, 06.06.2010, around 18:00. Both log files; I've also attached a zip file with both logs, hope it all works!

OTL Logfile:
-- C:\Windows\PCTBDRes.dll [2010.06.06 19:07:56 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.06.06 19:07:16 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2010.06.06 19:07:16 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2010.06.06 19:07:15 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2010.06.06 19:07:13 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2010.06.06 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Roaming\PC Tools [2010.06.06 19:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.06.06 19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2010.06.06 18:08:00 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Local\orrhshldo [2010.06.04 12:42:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu [2010.06.04 12:42:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2010.06.04 12:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2010.06.04 12:38:44 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC560L.dll [2010.06.04 12:38:44 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC560U.dll [2010.06.04 12:38:44 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll [2010.06.04 12:32:57 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2010.06.04 12:32:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.06.04 12:32:16 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010.06.04 12:32:01 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA0.DLL [2010.06.04 12:31:56 | 000,244,736 | ---- | C] (CANON INC.) 
-- C:\Windows\SysNative\CNMIUA0.DLL [2010.06.04 12:31:50 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2010.06.04 12:31:44 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL [2010.06.04 12:31:44 | 000,144,384 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL [2010.06.04 12:31:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2010.06.04 12:31:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CHM [2010.06.04 12:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010.06.01 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\Documents\Red Kawa [2010.06.01 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Roaming\Red Kawa [2010.06.01 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Local\Geckofx [2010.06.01 09:11:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Roaming\Mozilla [2010.06.01 09:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2010.05.23 14:26:07 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.05.23 14:26:07 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.05.23 14:26:06 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.05.23 14:26:06 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.05.22 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\AppData\Roaming\FreeVideoConverter [2010.05.21 11:59:34 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\Documents\Samsung F480 [2010.05.21 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp Rosche\Documents\My Art [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.07 11:43:08 | 007,864,320 | ---- | M] 
() -- C:\Users\Philipp Rosche\ntuser.dat [2010.06.07 11:34:25 | 000,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.07 11:34:25 | 000,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.07 11:32:49 | 001,509,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.06.07 11:32:49 | 000,657,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.06.07 11:32:49 | 000,618,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.06.07 11:32:49 | 000,131,962 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.06.07 11:32:49 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.06.07 11:29:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp Rosche\Desktop\OTL.exe [2010.06.07 11:27:59 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2010.06.07 11:27:59 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref [2010.06.07 11:27:43 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2010.06.07 11:26:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.07 11:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.07 11:26:28 | 2146,148,351 | -HS- | M] () -- C:\hiberfil.sys [2010.06.07 11:24:05 | 002,557,146 | -H-- | M] () -- C:\Users\Philipp Rosche\AppData\Local\IconCache.db [2010.06.06 20:21:37 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2010.06.06 20:19:46 | 000,001,710 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L109E2E7E611D42C4B754F024D30A7E24.job [2010.06.06 20:07:39 | 000,000,331 | ---- | M] () -- C:\Windows\win.ini [2010.06.06 20:06:38 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2010.06.06 20:01:09 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat [2010.06.06 18:32:02 | 000,524,288 | -HS- | M] () -- 
C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.06.06 18:32:02 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.06.06 18:32:02 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TM.blf [2010.06.06 17:24:28 | 365,191,850 | ---- | M] () -- C:\Users\Philipp Rosche\Desktop\gg-213.avi [2010.06.06 12:23:23 | 007,340,032 | -HS- | M] () -- C:\Users\Philipp Rosche\NTUSER.DAT_tureg_old [2010.06.03 19:17:56 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\ws.exe [2010.05.23 15:15:16 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TMContainer00000000000000000002.regtrans-ms [2010.05.23 15:15:16 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TMContainer00000000000000000001.regtrans-ms [2010.05.23 15:15:16 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TM.blf [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.06 22:00:59 | 365,191,850 | ---- | C] () -- C:\Users\Philipp Rosche\Desktop\gg-213.avi [2010.06.06 20:11:05 | 000,001,710 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L109E2E7E611D42C4B754F024D30A7E24.job [2010.06.06 20:06:42 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2010.06.06 20:01:06 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2010.06.06 19:07:56 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.06.06 19:07:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old [2010.06.06 19:07:56 | 000,767,952 | ---- | C] () -- 
C:\Windows\BDTSupport.dll [2010.06.06 19:07:56 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.06.06 19:07:56 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.06.06 19:07:56 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.06.06 19:07:16 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat [2010.06.06 19:07:15 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat [2010.06.06 19:07:13 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat [2010.06.06 18:08:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\ws.exe [2010.06.06 12:24:08 | 000,524,288 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.06.06 12:24:08 | 000,524,288 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.06.06 12:24:07 | 000,065,536 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{5ea3fb73-7155-11df-9979-806e6f6e6963}.TM.blf [2010.06.06 12:23:19 | 000,000,000 | -HS- | C] () -- C:\Users\Philipp Rosche\NTUSER.DAT_tureg_new.LOG2 [2010.06.06 12:23:19 | 000,000,000 | -HS- | C] () -- C:\Users\Philipp Rosche\NTUSER.DAT_tureg_new.LOG1 [2010.06.04 12:38:44 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC173ED.TBL [2010.05.23 14:22:26 | 000,524,288 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TMContainer00000000000000000002.regtrans-ms [2010.05.23 14:22:26 | 000,524,288 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TMContainer00000000000000000001.regtrans-ms [2010.05.23 14:22:26 | 000,065,536 | -HS- | C] () -- C:\Users\Philipp Rosche\ntuser.dat{0a837f0a-6665-11df-9068-001fd09ab53a}.TM.blf [2010.04.06 01:00:44 | 001,528,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.06 00:57:49 | 000,146,432 | 
---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.04.06 00:57:49 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.11.06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.10.05 12:56:15 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.02 18:20:23 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2009.06.02 09:48:44 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2009.06.01 16:55:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.05.30 21:48:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2009.05.30 21:16:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2008.03.29 01:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2008.01.10 20:16:20 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.01.10 20:15:30 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI OTL Extras logfile created on: 07.06.2010 11:30:25 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Philipp Rosche\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 76,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,53 Gb Total 
Space | 26,52 Gb Free Space | 35,59% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 39,06 Gb Free Space | 16,77% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 45,53 Gb Free Space | 9,78% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRIVAT-PC Current User Name: Philipp Rosche Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "D:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "D:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{05f7d677-1239-445e-8a52-17680896ba15}" = Gracenote Plug-in "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena 
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1b6da3a7-211d-45cb-917b-8d34f06e28f2}" = DTS Plug-in "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1" = Stone Giant 1.0 "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{282D931C-FD11-4FEF-9EC3-F36A643C638D}" = FRAMEBUFFER Crysis WARHEAD Benchmark Tool "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.1120.1 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml 
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5E9709F3-B39F-4133-AE60-3EC634971E75}" = Unigine Heaven Benchmark v2.0 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{657201DD-30C8-4E50-88AD-164B3812E8F5}" = Framebuffer Crysis WARHEAD Benchmark Tool "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6ebcbd88-50da-4426-888d-96b2a04a344b}" = Nero Move it "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83a69283-d643-4e6c-a7e9-89db00ec9386}" = Nero BackItUp 4 "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common 
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3 "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{c6122658-524c-49fa-86e7-5703423e5055}" = Nero 9 "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{cb01de69-d64c-4df9-a512-ed750f88719c}" = Nero MediaHome 4 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control 
Center Core Implementation "{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static "{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AquaMark3" = AquaMark3 "ATITool" = ATITool Overclocking Utility "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Browser Defender_is1" = Browser Defender 2.0.6.15 "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Crysis 
WARHEAD(R)" = Crysis WARHEAD(R) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00 "Fraps" = Fraps "GPU Caps Viewer_is1" = GPU Caps Viewer v1.8.1 "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.1120.1 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MemSet_is1" = MemSet 3.6 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "OpenAL" = OpenAL "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0 "Spyware Doctor" = Spyware Doctor 7.0 "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 10680" = Aliens vs Predator "Steam App 12840" = DiRT 2 "Steam App 43110" = Metro 2033 "System Tweaker_is1" = Uniblue System Tweaker "TuneUp Utilities" = TuneUp Utilities "Videora HTC Converter" = Videora HTC Converter 5.04 "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "5f48e2ab41c5d005" = RapidShare Manager ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- Edited by Coletrickle (07.06.2010 at 11:10) |
07.06.2010, 11:03 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antispywaresoft Quote:
There is no cleanup support for keygen/crack users here. Using cracks, serials and keygens is illegal, so there is no further support on the Trojaner-Board. For you, it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software not infrequently also contains keyloggers and backdoor functions. After that, never touch anything like that again!
07.06.2010, 11:14 | #7 |
| Antispywaresoft Those were 2 ancient key generators... from 2 lousy programs that a buddy had carelessly left behind... so it has nothing to do with yesterday's issue! I don't want to clean those up anyway; Spysweeper even says SuperPi is a virus, if you know that one, the hardware test tool; I just want yesterday's junk gone! If you don't want to help me any further now, that's okay, but I have one more question, maybe you'd be willing to answer it. My games, programs etc. are all on D:, can I leave them there, would they still work after reinstalling the system or not, or could they also have been attacked by Antispysoft? Edited by Coletrickle (07.06.2010 at 11:26) |