| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.08.2010, 16:00
| #1 |
| |  WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Hallo, ich komm gleich zur Sache in habe mich gestern dazu entschieden mal meinen PC nach Viren etc. zu scannen (Benutztes Programm ist Avira AntiVir Personal, wird immer aktuell gehalten) und heute früh als ich mir den Report anschaute sagte Avira mir das es 3 Viren gefunden hat 2 davon habe ich als unkritisch eingestuft, warum will ich jetzt nicht erläutern weis, denn ich weis nicht auf welche Schiene man da fährt in einem Forum. So nun zu dem 3. erkannten Virus, wie oben im Titel schon beschrieben ist es laut Avira der WORM/Conficker.Y.13 da dachte ich mir das ihr aus meiner persönlichen Sicht die waren Helfer in der Not seit könnt ihr mich durch die Entfernungsprozedur leiten, denn ich denke alleine bekomme ich das nicht hin, da ich gar nicht so richtig weis welches Programm ich so richtig verwenden soll bzw. kann. Wenn noch Fragen offen seien sollten, stellt sie hier rein^^ Mfg Sven |
|
26.08.2010, 17:06
| #2 | |||
  |  WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Hallo Sven und
__________________ Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Zitat:
 Zitat:
Zitat:
1.) Poste das Log von Avira mit den Funden. 2.) Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die Liste unter Punkt 2 (Alternative B) ab. ciao, andreas
__________________ |
|
26.08.2010, 19:07
| #3 | |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Das letzte mal habe ich am 24.08. ein scan durchgeführt doch dies war nur ein manueller scan auf dem laufwerk C, gestern entschied ich mich eine Vollständige Systemprüfung "so lautet die Prüfung bei Avira" durchzuführen.
__________________Nein bin kein Fachmann. Hier das Log Zitat:
Mfg Sven |
|
26.08.2010, 19:17
| #4 | |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Wo hast du die Datei her? Zitat:
ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
26.08.2010, 19:44
| #5 | |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Die Datei habe ich von einer wie soll man es ausdrücken Szeneseite, welche kann ich nicht genau sagen, gibt so viele, und überall ist es dasselbe. Ja, Laufwerk G ist ein externes Laufwerk (Ich seh grad das sich der Laufwerksbuchstabe anscheinend ändert, warum kann ich nicht sagen jetzt zb. ist es F ich werde es immer mit angeben wenn sich G in einen anderen Buchstaben ändert) Denn in den Logfiles ist ja dann auch immer von einem anderem Buchstaben die Rede, nicht das wir durcheinander kommen. Und hier noch der Log von Malware Antibytes Zitat:
Gruß Sven |
|
26.08.2010, 20:18
| #6 | |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmxZitat:
ciao, andreas
__________________ --> WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx |
|
27.08.2010, 13:53
| #7 |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.08.2010 20:47:38 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 40,33 Gb Total Space | 15,24 Gb Free Space | 37,78% Space Free | Partition Type: NTFS Drive D: | 192,42 Gb Total Space | 49,76 Gb Free Space | 25,86% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 461,77 Gb Total Space | 147,57 Gb Free Space | 31,96% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive W: | 465,76 Gb Total Space | 442,79 Gb Free Space | 95,07% Space Free | Partition Type: NTFS Drive Z: | 3,98 Gb Total Space | 2,53 Gb Free Space | 63,54% Space Free | Partition Type: FAT32 Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.26 20:25:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe PRC - [2010.08.24 20:17:31 | 000,214,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010.08.23 22:16:30 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.04.19 17:56:21 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- D:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ========== Modules (SafeList) ========== MOD - [2010.08.26 20:25:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe MOD - [2010.06.30 08:21:47 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2009.12.29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009.07.14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll MOD - [2009.07.14 03:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMASF.DLL MOD - [2009.07.14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2009.07.14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009.07.14 03:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVCORE.DLL MOD - [2009.07.14 03:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll MOD - [2009.07.14 03:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2009.07.14 03:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll MOD - [2009.07.14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009.07.14 03:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009.07.14 03:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009.07.14 03:14:57 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\audiodev.dll MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc) SRV:64bit: - [2010.04.24 17:42:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010.04.07 04:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.09 14:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2010.08.24 20:17:31 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2010.08.23 22:16:30 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.06.09 19:00:17 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.04.24 17:41:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.19 17:56:21 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.05 00:41:00 | 003,670,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.12.25 14:41:29 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.12.09 14:44:18 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwavdt.sys -- (btwavdt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.04.17 17:21:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010.04.07 04:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.04.07 04:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.07 03:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.27 15:47:10 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.02.27 15:47:10 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.12.18 21:27:49 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2009.12.12 14:02:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.11 12:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.09.11 12:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.09.11 12:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.09.11 12:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.10.25 17:34:46 | 002,051,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2007.10.25 17:34:36 | 000,147,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2007.10.25 17:34:32 | 000,290,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2007.10.25 17:34:30 | 000,016,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2007.10.25 17:34:28 | 000,219,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2007.10.25 17:34:18 | 000,864,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2007.10.25 17:34:14 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2007.10.25 17:33:18 | 001,570,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV:64bit: - [2007.10.25 17:33:16 | 000,189,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV:64bit: - [2007.10.25 17:33:14 | 000,363,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV:64bit: - [2007.10.25 17:33:10 | 000,123,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV:64bit: - [2007.10.25 17:33:08 | 000,252,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL) DRV:64bit: - [2007.10.25 17:33:06 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV:64bit: - [2007.10.25 17:33:04 | 000,321,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV:64bit: - [2007.10.25 17:33:02 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV:64bit: - [2007.10.25 17:33:02 | 000,219,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV:64bit: - [2007.10.25 17:33:00 | 000,699,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV:64bit: - [2007.10.25 17:32:58 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2009.12.28 19:05:28 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 30 C1 1F B9 DC CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.08.19 22:15:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.19 22:15:18 | 000,000,000 | ---D | M] [2009.12.10 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.06.13 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b45azupi.default\extensions O1 HOSTS File: ([2010.04.24 17:31:15 | 000,000,942 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 2O7.net O1 - Hosts: 127.0.0.1 192.168.112.2O7.net O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 5 more lines... O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adope\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adope\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AsioReg] File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9bbd6e1a-2880-11df-bb42-000a3a7a88b2}\Shell - "" = AutoRun O33 - MountPoints2\{9bbd6e1a-2880-11df-bb42-000a3a7a88b2}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk - C:\PROGRA~2\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE - File not found MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adope\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\***\Program Files (x86)\DNA\btdna.exe File not found MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DevconDefaultDB - hkey= - key= - C:\Windows\SysWow64\readreg.exe (Creative Technology Limited) MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 90 Days ========== [2010.08.26 20:33:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.26 20:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.08.26 20:26:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.26 20:26:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.26 20:26:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.26 20:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.26 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.24 16:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010.08.23 22:08:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games [2010.08.22 22:19:44 | 000,253,952 | ---- | C] (TrueVision3D LLC) -- C:\Windows\SysWow64\tvmedia.dll [2010.08.22 15:50:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files [2010.08.21 00:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vghd [2010.08.20 13:05:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rockstar Games [2010.08.20 13:02:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.08.20 12:54:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games [2010.08.20 12:53:36 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.08.19 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010.08.19 19:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\119614890734134516 [2010.08.19 19:10:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\119611678098597108 [2010.08.19 16:16:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\119614890734593268 [2010.08.19 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\119611678099055860 [2010.08.08 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth-Exchange-Ordner [2010.08.08 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters [2010.08.06 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.08.06 23:15:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.07.31 13:20:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\StarCraft II [2010.07.31 13:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.07.31 13:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010.07.28 20:41:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Electronic_Arts_Inc [2010.07.24 18:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2010.07.24 18:12:16 | 000,000,000 | ---D | C] -- C:\ts 3 [2010.07.24 16:46:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogiShrd [2010.07.23 22:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2010.07.23 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sidhe [2010.07.18 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TikGames [2010.07.18 12:30:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zylom [2010.07.18 12:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom [2010.07.10 20:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2010.07.10 19:59:55 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.07.02 17:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Games for Windows - LIVE Demos [2010.06.24 21:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.06.14 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2010.04.17 17:21:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [2009.12.10 21:44:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll ========== Files - Modified Within 90 Days ========== [2010.08.26 20:47:48 | 005,242,880 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.26 20:36:35 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.26 20:36:35 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.26 20:32:57 | 000,000,924 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.26 20:32:57 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.26 20:31:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.26 20:31:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.26 20:31:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.26 20:31:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.26 20:31:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.26 20:30:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.26 20:29:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.26 20:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.26 20:29:09 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.08.26 20:28:21 | 000,064,756 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx [2010.08.26 20:28:21 | 000,060,196 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx [2010.08.26 20:28:21 | 000,060,196 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx [2010.08.26 20:28:09 | 004,638,018 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.26 20:26:21 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.26 20:13:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.26 20:10:13 | 000,388,175 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.26 17:25:28 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk [2010.08.25 21:37:06 | 000,000,681 | ---- | M] () -- C:\Users\***\Desktop\Mafia II.lnk [2010.08.24 23:03:53 | 000,000,369 | ---- | M] () -- C:\Users\***\Desktop\fitness.html [2010.08.24 20:17:31 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.08.24 20:17:31 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.24 16:05:22 | 002,900,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.23 22:41:16 | 000,066,480 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.23 22:16:30 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.23 21:26:16 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix.lnk [2010.08.22 22:20:13 | 000,001,041 | ---- | M] () -- C:\Users\***\Desktop\Rotlicht Tycoon 2.lnk [2010.08.22 19:23:01 | 000,000,853 | ---- | M] () -- C:\Users\***\Desktop\GTA San Andreas - Multiplayer.lnk [2010.08.21 01:20:16 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2010.08.20 18:52:09 | 000,001,244 | ---- | M] () -- C:\Users\***\Desktop\Far Cry 2.lnk [2010.08.20 18:45:14 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.20 12:53:36 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.08.20 12:29:17 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2010.08.19 16:15:06 | 000,001,345 | ---- | M] () -- C:\Users\***\Desktop\Kane & Lynch 2- Dog Days.lnk [2010.08.11 23:12:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.08.08 22:50:21 | 000,001,125 | ---- | M] () -- C:\Users\***\Desktop\Race Driver - GRID.lnk [2010.07.31 13:27:00 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.07.24 15:49:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2010.07.16 19:30:14 | 000,001,189 | ---- | M] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml [2010.07.10 19:59:55 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.07.10 19:59:55 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.07.09 21:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2010.07.09 21:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2010.07.02 17:14:55 | 000,000,820 | ---- | M] () -- C:\Users\***\Desktop\DiRT 2.lnk [2010.06.14 21:42:26 | 000,000,647 | ---- | M] () -- C:\Users\***\Desktop\DVD Shrink 3.2.lnk [2010.06.02 19:43:01 | 000,000,787 | ---- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk [2010.05.30 13:15:11 | 000,000,321 | ---- | M] () -- C:\Windows\game.ini ========== Files Created - No Company Name ========== [2010.08.26 20:32:57 | 000,000,924 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.26 20:32:57 | 000,000,905 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.26 20:26:21 | 000,000,678 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.26 20:10:13 | 000,388,175 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.08.26 17:25:28 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk [2010.08.25 21:37:06 | 000,000,681 | ---- | C] () -- C:\Users\***\Desktop\Mafia II.lnk [2010.08.24 23:03:53 | 000,000,369 | ---- | C] () -- C:\Users\***\Desktop\fitness.html [2010.08.23 21:26:16 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Phoenix.lnk [2010.08.22 22:20:13 | 000,001,041 | ---- | C] () -- C:\Users\***\Desktop\Rotlicht Tycoon 2.lnk [2010.08.22 19:23:01 | 000,000,853 | ---- | C] () -- C:\Users\***\Desktop\GTA San Andreas - Multiplayer.lnk [2010.08.21 00:51:12 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2010.08.20 18:52:09 | 000,001,244 | ---- | C] () -- C:\Users\***\Desktop\Far Cry 2.lnk [2010.08.20 12:29:17 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2010.08.19 16:15:06 | 000,001,345 | ---- | C] () -- C:\Users\***\Desktop\Kane & Lynch 2- Dog Days.lnk [2010.08.11 23:12:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.08.08 22:50:21 | 000,001,125 | ---- | C] () -- C:\Users\***\Desktop\Race Driver - GRID.lnk [2010.07.31 13:20:15 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.07.09 21:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2010.06.20 12:54:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.06.14 21:42:26 | 000,000,647 | ---- | C] () -- C:\Users\***\Desktop\DVD Shrink 3.2.lnk [2010.06.02 19:43:01 | 000,000,787 | ---- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk [2010.04.17 17:22:27 | 000,001,189 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml [2010.04.17 17:22:13 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2010.04.17 17:21:58 | 000,099,384 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2010.04.17 17:21:58 | 000,007,859 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2010.04.17 17:21:58 | 000,001,167 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2010.04.17 15:26:16 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.31 23:20:25 | 000,000,359 | ---- | C] () -- C:\Windows\psnetwork.ini [2010.01.29 03:30:17 | 000,000,321 | ---- | C] () -- C:\Windows\game.ini [2009.12.30 01:57:14 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.12.28 19:05:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.12.26 00:03:54 | 000,000,713 | ---- | C] () -- C:\Users\***\AppData\Roaming\Screentaker.NET.cfg [2009.12.15 21:18:06 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2009.12.10 21:44:04 | 000,098,174 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.12.10 21:44:04 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll [2009.12.10 21:44:04 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll [2009.12.10 21:44:04 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.12.10 21:44:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.03.14 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2010.05.26 18:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2009.12.12 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.05.16 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.07.24 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW [2009.12.10 23:18:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.01.17 03:26:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2010.08.06 23:16:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.03.19 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkative IRC [2010.05.26 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2009.12.25 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.08.21 00:51:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vghd [2010.07.16 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso [2010.03.24 14:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital [2010.07.18 12:30:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2010.07.17 16:36:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.08.26 20:29:09 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.08.26 20:29:15 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
27.08.2010, 13:56
| #8 | |
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.08.2010 20:47:38 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Desktop\MFTools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,33 Gb Total Space | 15,24 Gb Free Space | 37,78% Space Free | Partition Type: NTFS
Drive D: | 192,42 Gb Total Space | 49,76 Gb Free Space | 25,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 461,77 Gb Total Space | 147,57 Gb Free Space | 31,96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 465,76 Gb Total Space | 442,79 Gb Free Space | 95,07% Space Free | Partition Type: NTFS
Drive Z: | 3,98 Gb Total Space | 2,53 Gb Free Space | 63,54% Space Free | Partition Type: FAT32
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\BitTorrent\bittorrent.exe" = D:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\Programme\PPMate\ppmate.exe" = D:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"D:\Programme\PPMate\ppmnet.exe" = D:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found
"D:\Programme\BitTorrent\bittorrent.exe" = D:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\Programme\PPMate\ppmate.exe" = D:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"D:\Programme\PPMate\ppmnet.exe" = D:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7A23D2C6-6FF9-EBAD-73E2-4717BB08983F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9E8605FF-09EA-AAC5-4780-AA6E02EBE06F}" = ccc-utility64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12FD058C-304E-1CEF-EE6A-C9EC49D00AC2}" = Catalyst Control Center Graphics Full New
"{14E640FF-CE46-7966-036E-B82260CF29CF}" = Catalyst Control Center Graphics Light
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C9D9AF3-EF01-E760-94A6-AE41CA277983}" = CCC Help Italian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E72D554-09BC-C87B-AE7B-5ED2E54DDA57}" = CCC Help Polish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A44139B-9C3D-6D55-87A3-B22085DB6428}" = CCC Help German
"{6BD9C17B-21A4-C8AA-9B8C-AB18304D103D}" = CCC Help Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72992853-E12F-6F78-E466-C8ADF60AB2F3}" = CCC Help Hungarian
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824B6611-48C9-C785-CD73-D7CB82E19A7E}" = Catalyst Control Center Graphics Full Existing
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F412354-CAB2-5A40-8B7D-28C9D6B8E0E2}" = Catalyst Control Center InstallProxy
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{936B48FE-32C0-BD05-D655-790B8587D4CF}" = CCC Help English
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{95CEB007-7B88-48FE-B4A7-1465E91FC3A4}_is1" = Rotlicht Tycoon 2
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA45BF5-39C9-1D1F-0467-C716E4E62336}" = Catalyst Control Center HydraVision Full
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B160D3AC-D8E3-F949-C905-229FFF4C8C16}" = CCC Help French
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1B943CB-55A4-8E85-3392-2FF13980826E}" = CCC Help Greek
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B327B5BD-F3EC-889D-9770-2D40A14A4356}" = Catalyst Control Center Graphics Previews Common
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B681FEA0-03C4-A96C-0D66-5D3D40171DC5}" = CCC Help Portuguese
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE4F561B-63A9-A47C-9DE1-AF1CF5B1C30F}" = Catalyst Control Center Core Implementation
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C95567EE-BE3F-053F-655B-5FF3340CD08E}" = Catalyst Control Center Graphics Previews Vista
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DA7DF7BB-D3E2-1B19-6099-776A23DAF088}" = ccc-core-static
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DE872CED-2C0F-F0D0-AFCF-B1D35450796B}" = Catalyst Control Center Localization All
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"IsoBuster_is1" = IsoBuster 2.4
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Talkative IRC_is1" = Talkative IRC 0.4.4.16
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Worms Reloaded_is1" = Worms Reloaded
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Wie beschrieben ist in den Logfiles das Eigentliche Laufwerk G mit F beschrieben. Malware Antibytes Volständiger Scan Zitat:
Gruß Sven |
|
27.08.2010, 14:43
| #9 | ||
| | WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx Mal abgesehen davon, dass ich TuneUp grundsätzlich deinstallieren lasse, weil es nicht die Bohne taugt, ist das hier die Krönung: Zitat:
2.) Wissen wir ganz genau, dass die (fast) alle verseucht sind, d.h. wer die benutzt, ist selber Schuld. Zitat:
Damit hast du den ersten Preis gewonnen und der lautet => http://www.trojaner-board.de/51262-a...sicherung.html Ich bin raus, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
| Themen zu WORM/Conficker.Y.13 in G:\RECYCLER\...\jwgkvsq.vmx |
| aktuell, antivir, avira, avira antivir, eingestuft, entschieden, frage, fragen, gestern, heute, not, offen, personal, persönliche, programm, recycler, report, richtig, sache, scan, scanne, scannen, verwenden, viren, virus, warum |
Linear-Darstellung
