|
Plagegeister aller Art und deren Bekämpfung: Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.CWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.08.2010, 11:52 | #1 | |
| Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C Hallo, die Überschrift sind diejenigen Trojaner, die MS Security Essentials gefunden hat. Anbei ist mein Scan mit Malwarebytes-Anti-Malware und OTL. Könntet ihr mir helfen, wie ich diese Schädlinge von meinem Rechner entfernen kann? DANKE! Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.08.2010 12:29:55 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,85 Gb Total Space | 18,40 Gb Free Space | 34,17% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 70,28 Gb Free Space | 71,97% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 67,07 Gb Free Space | 45,78% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - D:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - D:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Users\***\Local Settings\Apps\F.lux\flux.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe File not found SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (SbieSvc) -- D:\Programme\Sandboxie\SbieSvc.exe (tzuk) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (postgresql-8.4) -- D:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (dtpd) -- D:\Programme\ShrewSoft\VPN Client\dtpd.exe () SRV - (iked) -- D:\Programme\ShrewSoft\VPN Client\iked.exe () SRV - (ipsecd) -- D:\Programme\ShrewSoft\VPN Client\ipsecd.exe () SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) ========== Driver Services (SafeList) ========== DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (TotRec8) -- C:\Windows\SysNative\drivers\TotRec8.sys (High Criteria inc.) DRV:64bit: - (TotRec7) -- C:\Windows\SysNative\drivers\TotRec7.sys (High Criteria inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc) DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (StarPortLite) StarPort Storage Controller (Lite) -- C:\Windows\SysNative\drivers\StarPortLite.sys (Rocket Division Software) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV - (SbieDrv) -- D:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (UfasoftSnifDriver4) -- D:\Programme\ICQSniffer\usft_sn4.sys (Ufasoft) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 B3 9D 2B 69 A3 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 0 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.7 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "localhost" FF - prefs.js..network.proxy.backup.socks_port: 9050 FF - prefs.js..network.proxy.backup.ssl: "localhost" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.08.22 12:13:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.22 12:13:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.08.27 14:51:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.08.22 12:13:38 | 000,000,000 | ---D | M] [2010.02.01 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.02.01 22:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.04.30 12:13:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2010.04.30 11:20:28 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2010.04.30 11:20:28 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2010.04.30 12:13:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.30 12:13:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.04.30 12:13:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.30 12:13:38 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2010.08.24 21:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions [2010.04.28 23:24:26 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2010.02.18 14:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.05.13 00:29:12 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.06.07 09:09:48 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010.04.28 23:16:05 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2010.08.20 09:38:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.20 11:52:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.06.30 20:03:41 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2010.05.06 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\firebug@software.joehewitt.com [2010.02.18 14:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\opg763s7.default\extensions\firefox@tvunetworks.com O1 HOSTS File: ([2010.04.18 10:08:51 | 000,001,377 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Mouse Gestures) - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [IM Sniffer] File not found O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [F.lux] C:\Users\***\Local Settings\Apps\F.lux\flux.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Programme\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{348d58f3-174c-11df-a438-00262d7a7c33}\Shell - "" = AutoRun O33 - MountPoints2\{348d58f3-174c-11df-a438-00262d7a7c33}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 11:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MSA [2010.08.29 11:49:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.29 11:49:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.29 11:49:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.29 11:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.27 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files [2010.08.27 19:05:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\gta [2010.08.27 18:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.08.26 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fritzzz [2010.08.26 09:59:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ordnerrrr [2010.08.26 09:56:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ordnerrrrrrrr [2010.08.26 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\laml [2010.08.26 09:49:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ordner [2010.08.25 11:46:21 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.08.22 15:02:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2010.08.22 14:57:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Player Classic [2010.08.22 12:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.08.21 22:13:20 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2010.08.20 12:22:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2010.08.20 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment [2010.08.12 21:53:31 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.12 21:53:30 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.08.12 21:53:30 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.08.12 21:53:20 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.12 21:53:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.12 21:53:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.12 21:53:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.12 21:53:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.12 21:53:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.12 21:53:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.12 21:53:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.12 21:53:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2010.08.03 21:17:09 | 000,052,568 | ---- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll [2010.03.25 18:17:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.29 12:27:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.29 12:27:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.29 12:27:13 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 12:26:37 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.29 12:26:36 | 003,428,125 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.29 12:23:47 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 12:23:47 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 11:49:10 | 000,000,656 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.29 01:27:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065838793-3908722477-3394782243-1001UA.job [2010.08.28 21:34:07 | 000,056,715 | ---- | M] () -- C:\Users\***\Desktop\test.pdf [2010.08.27 20:01:01 | 000,002,048 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2010.08.27 15:20:42 | 001,012,109 | ---- | M] () -- C:\Users\***\Desktop\laml.docx [2010.08.26 15:51:17 | 000,509,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.26 13:18:56 | 000,002,496 | ---- | M] () -- C:\Users\***\soapui-settings.xml [2010.08.26 13:13:50 | 000,658,489 | ---- | M] () -- C:\Users\***\Desktop\laml.pptx [2010.08.26 12:27:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065838793-3908722477-3394782243-1001Core.job [2010.08.26 11:44:48 | 001,523,276 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.26 11:44:48 | 000,662,682 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.26 11:44:48 | 000,623,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.26 11:44:48 | 000,134,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.26 11:44:48 | 000,110,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.26 11:39:27 | 000,119,000 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.26 09:54:54 | 003,539,811 | ---- | M] () -- C:\Users\***\Desktop\bibliothek.jar [2010.08.26 09:27:42 | 021,098,360 | ---- | M] () -- C:\Users\***\Desktop\archiv.zip [2010.08.12 15:03:01 | 000,011,571 | ---- | M] () -- C:\Users\***\Report.pdf [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.29 11:49:10 | 000,000,656 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 21:34:06 | 000,056,715 | ---- | C] () -- C:\Users\***\Desktop\test.pdf [2010.08.26 13:13:49 | 000,658,489 | ---- | C] () -- C:\Users\***\Desktop\laml.pptx [2010.08.26 11:35:58 | 001,012,109 | ---- | C] () -- C:\Users\***\Desktop\laml.docx [2010.08.26 09:54:52 | 003,539,811 | ---- | C] () -- C:\Users\***\Desktop\bibliothek.jar [2010.08.26 09:50:17 | 021,098,360 | ---- | C] () -- C:\Users\***\Desktop\archiv.zip [2010.08.20 12:22:35 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065838793-3908722477-3394782243-1001UA.job [2010.08.20 12:22:34 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065838793-3908722477-3394782243-1001Core.job [2010.08.12 15:03:00 | 000,011,571 | ---- | C] () -- C:\Users\***\Report.pdf [2010.07.12 10:32:39 | 000,001,570 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.05.02 13:08:06 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2010.04.20 23:15:48 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.03.25 18:18:01 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys [2010.03.25 18:18:01 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys [2010.03.25 18:17:59 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys [2010.03.25 18:17:59 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys [2010.03.25 18:17:59 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini [2010.03.04 13:30:03 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.02.23 18:09:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.20 01:40:17 | 001,529,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.02.16 22:46:06 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.02.12 01:17:39 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Roaming\psppirerc [2010.02.02 19:08:08 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.02.01 22:59:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.09.16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2005.01.03 11:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\DLXAPI32.DLL ========== LOP Check ========== [2010.07.28 18:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AIMP [2010.05.16 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2010.02.11 22:38:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.04.10 19:12:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2010.08.05 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.04.01 19:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2010.02.07 17:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EuroTalk [2010.06.18 20:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook [2010.08.24 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.02.01 23:06:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit [2010.06.26 16:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fxgen [2010.03.28 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2010.02.21 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.07.20 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.20 23:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\It´s your time 2! [2010.04.30 11:05:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo [2010.07.18 23:10:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MetaQuotes [2010.08.29 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MSA [2010.04.17 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2010.03.31 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.06.16 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.02.02 01:09:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.04.17 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.06.14 09:20:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk [2010.04.20 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RadioRipper [2010.04.20 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Search Settings [2010.02.27 14:53:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity [2010.07.03 13:30:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SQL Developer [2010.02.08 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarBurn [2010.04.08 17:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stata10 [2010.02.07 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2010.02.11 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.01 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.04.15 20:50:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tinn-R [2010.05.16 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TotalRecorder [2010.02.10 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2010.02.20 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TurboFTP [2010.07.12 10:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2010.07.13 19:39:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:EC76150E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1C425DFF < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 12:29:55 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,85 Gb Total Space | 18,40 Gb Free Space | 34,17% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 70,28 Gb Free Space | 71,97% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 67,07 Gb Free Space | 45,78% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta) "{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta) "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7F5DD17B-35CB-B9FC-4EF0-71240AEB08D5}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{8B963746-228D-35B2-BAFC-EFB79B4DF053}" = ccc-utility64 "{8C9D0CD0-429F-4E10-977F-FC57E995C08D}" = MySQL Server 5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials "{9F313496-82E8-4A99-9D4C-311531023746}" = TortoiseSVN 1.6.7.18415 (64 bit) "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{E4E8CCFD-621C-E05A-47FB-AB96E4F5CB50}" = ATI AVIVO64 Codecs "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F0B24BDC-7963-44D1-A570-1A9281F3A6F7}" = ActivePerl 5.10.1 Build 1007 (64-bit) "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Microsoft Security Essentials" = Microsoft Security Essentials "nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1 "nbi-nb-base-6.9.0.0.0" = NetBeans IDE 6.9 "nbi-tomcat-6.0.26.0.0" = Apache Tomcat 6.0.26 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Sandboxie" = Sandboxie 3.46 (64-bit) "Shrew Soft VPN Client" = Shrew Soft VPN Client "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package "{0B3689FB-8AF1-7C0E-58AF-C9B7CDC0D3AE}" = CCC Help Czech "{1178262C-BA31-9A27-8507-0143DD55BCDD}" = CCC Help Hungarian "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta) "{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta) "{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta) "{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta) "{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta) "{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta) "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta) "{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta) "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta) "{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta) "{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{250DA7DE-37D3-ED70-90D6-90B99EE0D110}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2E32576B-75F7-2D13-4809-FF14DA271930}" = CCC Help Dutch "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22 "{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22 "{33E5C80C-8D37-541E-74A6-51D527336A31}" = CCC Help Portuguese "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader - Masterforex 4.00 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43BB11DF-96BE-011A-46C4-338B7432E278}" = CCC Help English "{43D494C7-3F5B-BD67-7C09-323725A7DBA0}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{57D89CD5-09D1-6775-5D28-FBF8E62D5906}" = CCC Help Danish "{584E5DA5-F6A4-90EA-C9D6-9D36638055A6}" = CCC Help Norwegian "{593A6D1B-DC94-38F5-3158-A3861F7360C9}" = Catalyst Control Center InstallProxy "{59569A68-C301-4EDD-2DEC-A555851AEE5E}" = Catalyst Control Center Localization All "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10 "{6510C671-1D30-7669-18A8-2F13DC818E4B}" = CCC Help Greek "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D863265-A79F-9214-9F2A-C4D1FC8FDFF6}" = ccc-core-static "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76DC93F5-9C94-79F6-B39F-11055EF7A582}" = CCC Help Thai "{7BEB1F41-755A-C8CB-45B0-C5DEBEA241C9}" = CCC Help Chinese Traditional "{7DB1E30A-214A-4DBA-B96A-8E5E70112C94}" = Mouse Gestures for Internet Explorer (x64) "{7F5DD739-DB41-DA6A-9912-89C04E20C130}" = CCC Help Finnish "{830ECBA3-2D98-2174-93A4-DDF90A2C41D5}" = Catalyst Control Center Core Implementation "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BB235BF-8740-48CF-9843-F502F5F07EC1}" = PostgreSQL OLE DB Provider "{8D0DF06F-6AC2-D9C3-B29F-810CB9E836D8}" = CCC Help Swedish "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DFE0123-0723-165C-29CF-28409D8E462C}" = CCC Help French "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German) "{901AB58E-FB3C-1F64-7795-5BE7F7DB66A6}" = CCC Help Russian "{A18B2647-60E3-0A6E-AF17-2FD9DF46DC41}" = CCC Help Italian "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{B0559ABA-D32C-55AD-5943-3E8BF9E6D749}" = Catalyst Control Center Graphics Full New "{B1AC5371-C952-99DC-1C0C-2C0BE8A0F1F8}" = CCC Help Chinese Standard "{B7F9F9C6-8F06-2E00-63E2-DC8F1E73EE54}" = CCC Help Polish "{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM) "{C3E67109-58DF-1C4A-BB9A-14BEC5787BFC}" = Catalyst Control Center Graphics Full Existing "{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE4120DD-97B3-78AD-2535-00031F6ED246}" = Catalyst Control Center Graphics Light "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{DAD9BED2-5833-4EA2-57EC-550F94F8588B}" = Catalyst Control Center Graphics Previews Vista "{E48F1CB2-4D52-B847-5442-7C3897983BBD}" = CCC Help Spanish "{EB646CCD-FA56-CEC6-A91A-C18EF9D5C3B5}" = CCC Help German "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FACE7F75-E485-06CA-01AA-C1633F43667F}" = CCC Help Japanese "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP2" = AIMP2 "Aspell" = Aspell Data "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode) "CCleaner" = CCleaner "CollabNet Subversion Client" = CollabNet Subversion Client 1.5.5 "Digital Editions" = Adobe Digital Editions "ElsterFormular 11.2.0.4074" = ElsterFormular "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FileZilla Client" = FileZilla Client 3.3.4.1 "Forex EA Generator_is1" = Forex EA Generator "GMX SMS-Manager" = GMX SMS-Manager "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "Grep-2.5.4_is1" = GnuWin32: Grep-2.5.4 "ICQ Sniffer v1.2 Evaluation Version " = ICQ Sniffer v1.2 Evaluation Version "ICQToolbar" = ICQ Toolbar "IM Sniffer" = IM Sniffer 1.0 "IrfanView" = IrfanView (remove only) "JAP" = JAP "Kill-ID für Chrome_is1" = Kill-ID 1.2.4.0 für Chrome "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "libpq64 8.4.2-1" = libpq64 8.4.2-1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MetaTrader 5" = MetaTrader 5 "Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU "MigrationWizard 1.1-4" = EnterpriseDB MigrationWizard 1.1 "Miranda IM" = Miranda IM 0.8.22 "mIRC" = mIRC "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "Norwegisch AKTIV" = Norwegisch AKTIV "Notepad++" = Notepad++ "Npgsql 2.0.6-1" = Npgsql 2.0.6 "Office14.SingleImage" = Microsoft Office Professional 2010 "PalTalk8.2" = PaltalkScene "PDF Blender" = PDF Blender "pgJDBC 8.4-701-1" = pgJDBC 8.4-701 "PostgreSQL 8.4" = PostgreSQL 8.4 "psqlODBC 08.04.0100-1" = psqlODBC 08.04.0100 "R for Windows 2.10.1_is1" = R for Windows 2.10.1 "ResourceHacker_is1" = Resource Hacker Version 3.5.2 "Schwedisch Aktiv" = Schwedisch AKTIV "SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows "Slony_I_PG84 2.0.2-1" = Slony 2.0.2 "SopCast" = SopCast 3.2.4 "StarBurn_is1" = StarBurn Version 12r10 (Build 0x20091021) "Tiff Combine_is1" = Tiff Combine "TotalRecorder" = Total Recorder 8.1 "Trillian" = Trillian "TuningWizard 1.3-2" = EnterpriseDB TuningWizard 1.3 "TVUPlayer" = TVUPlayer 2.5.0.1 "TYPO3Winstaller_4.3.1" = TYPO3Winstaller - TYPO3 4.3.1 "Veetle TV" = Veetle TV 0.9.17 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.3 "VP Suite 4.2" = VP Suite 4.2 "WebCEO70_is1" = Web CEO 8.1 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.2.6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ARIS Express 2.1" = ARIS Express 2.1 "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "Flux" = F.lux "Google Chrome" = Google Chrome "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "RadioRipper" = RadioRipper 1.1d BETA5 "UfasoftSniffer" = Ufasoft Snif 4.2.120 "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.08.2010 16:01:55 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.08.2010 16:02:43 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.08.2010 16:03:14 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.08.2010 16:03:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.08.2010 16:03:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.08.2010 16:26:49 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.08.2010 05:34:14 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.08.2010 05:34:14 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.08.2010 06:33:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.08.2010 06:33:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 21.08.2010 06:34:17 | Computer Name = ***-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 22.08.2010 06:11:28 | Computer Name = ***-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 22.08.2010 11:38:12 | Computer Name = ***-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?22.?08.?2010 um 16:46:31 unerwartet heruntergefahren. Error - 23.08.2010 05:25:04 | Computer Name = ***-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 28.08.2010 16:01:15 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Meredrop&threatid=2147575279 User: ***-PC\*** Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category: Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.542.0, AS: 1.89.542.0 Engine Version: 1.1.6103.0 Error - 28.08.2010 16:01:15 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Bamital.C&threatid=2147637455 User: ***-PC\*** Name: TrojanDropper:Win32/Bamital.C ID: 2147637455 Severity: Severe Category: Trojan Dropper Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.542.0, AS: 1.89.542.0 Engine Version: 1.1.6103.0 Error - 28.08.2010 16:01:15 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Meredrop&threatid=2147575279 User: ***-PC\*** Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category: Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.542.0, AS: 1.89.542.0 Engine Version: 1.1.6103.0 Error - 28.08.2010 16:01:15 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Bamital.C&threatid=2147637455 User: ***-PC\*** Name: TrojanDropper:Win32/Bamital.C ID: 2147637455 Severity: Severe Category: Trojan Dropper Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.542.0, AS: 1.89.542.0 Engine Version: 1.1.6103.0 Error - 29.08.2010 05:58:32 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:JS/Obfuscator&threatid=2147632206 User: ***-PC\*** Name: VirTool:JS/Obfuscator ID: 2147632206 Severity: Severe Category: Tool Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.542.0, AS: 1.89.542.0 Engine Version: 1.1.6103.0 Error - 29.08.2010 06:15:03 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = < End of report > |
29.08.2010, 22:29 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C Moin Ferit, finde ich ja toll, dass Du den Weg vom www.politik-forum.eu • Foren-Übersicht hier ins TB gefunden hast!
__________________Ich würde vorschlagen, Du machst erstmal einen Vollscan mit malwarebytes. Aktualisiere Malwarebytes aber bitte vorher über den Updatebutton im Programm. Du hast einen Quickscan gemacht, der reicht zwar idR aus, ich möchte aber lieber einen Vollscan am Anfang haben. Und auch eine Entwarnung kann ich Dir geben, Du hast ein 64-Bit-Windows, diese Versionen sind die sichersten, da MS da einen besonderen Schutz eingebaut hat (Kernel Patch Protection bzw. Kernel Patch Guard), der den Betriebssystemkernel vor (bösartigen) Veränderungen schützt. Rootkits sind somit so nicht nicht möglich und Schädlinge können sich nicht tief vergraben Zitat:
__________________ |
29.08.2010, 23:54 | #3 | |||
| Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.CZitat:
Zitat:
Zitat:
Was ist daran so schlimm? Ist das etwa nicht legal? Oder andere Frage: sollte ich es immer auf dem aktuellen Stand halten? |
30.08.2010, 00:56 | #4 |
| Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C Hi cosinus, der Vollscan ist durchgelaufen und es wurden keine infizierten Dateien gefunden. Ist der Rechner wieder in Ordnung? |
30.08.2010, 13:23 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.CZitat:
Die OTL-Logs sind auch unauffällig
__________________ Logfiles bitte immer in CODE-Tags posten |
30.08.2010, 16:16 | #6 | |
| Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.CZitat:
|
30.08.2010, 16:36 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
30.08.2010, 20:13 | #8 |
| Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C Nein, gar nichts. Läuft alles wie geschmiert! Danke nochmals, Arne! Das Thema kann geschlossen werden. |
Themen zu Win32/Provis!rts, Win32/Ragterneb.A, Win32/Meredrop, Win32/VB.RC, TrojanDropper:Win32/Bamital.C |
.dll, 0x00000001, 64-bit, adblock, alternate, autorun, bho, c:\windows\system32\rundll32.exe, components, document, entfernen, error, excel, excel.exe, explorer, favicon, fehler, firefox, flash player, format, google, google chrome, hängen, install.exe, jondofox, js/obfuscator, langs, location, logfile, microsoft office word, microsoft security, microsoft security essentials, mozilla, mozilla thunderbird, ms security essentials, nlssrv32.exe, oldtimer, otl.exe, pdf, pdfforge toolbar, plug-in, programdata, programme, registry, rundll, saver, scan, schattenkopien, schwedisch, security, senden, shell32.dll, shortcut, software, spigot, sptd.sys, studio, syswow64, trojan:win32/meredrop, trojaner, visual studio, vlc media player, webcheck |