
Plagegeister aller Art und deren Bekämpfung: TR/Dropper.Gen eapp32hst.dll


12.10.2010, 02:37   #1
Frohbarsch



Dear all,

For the last half hour Windows 7 has been warning me that a stranger is trying to find out my passwords, that my PC is infected with dangerous viruses, etc...
When I click the constantly appearing messages, Antivir always reports a detection in a file that is continuously being recreated; this file is called "fiu*.tmp", where the * gets a new number after each deletion. It is located in the Users/AppData/Local/Temp folder and is evidently "caused" by a certain "eapp32hst.dll". Deleting it is impossible because it is in use by a certain "dfrsnapnt.exe". On top of that I can't keep up with the deleting any more, and by now it is conjuring pretty little porn icons onto the desktop. Something must have gone massively wrong.
Windows reports "TrojanASPX.JS.WIN32", while Antivir shows "TR/Dropper.Gen". Or are they one and the same?
I'm a bit scared now.
I haven't been here in a long time; I will follow EVERY instruction, but in the same breath I ask for your forbearance: I am in the middle of a project and have to work on the PC, and have practically no time to read through lots of forums and Google, though I'm sure I would find plenty. But I don't want to undertake aimless actions that aren't specific to my case.
In the meantime I have disconnected from the Internet; I'm writing from my MacBook.
I very much hope you will kindly help me; I will try to carry out everything you suggest accurately.
Just one question first:
Is this virus very dangerous? (Probably several anyway...)
Thanks for your attention!

Best regards,
Trauerbarsch

PS: One more thing: I tried to delete "drfgsnapnt.exe" - that didn't work because it's in use. When I try to open Task Manager via Ctrl+Alt+Del, it no longer appears in the menu - it's simply gone...

Last edited by Frohbarsch (12.10.2010 at 02:50)

12.10.2010, 08:25   #2
Chris4You



Hi,

that should be "rogue malware", a fake "virus scanner"...
Is this a 64-bit system?


Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
If MAM won't start after installation, rename "mbam.exe" to "test.com"...

Then update the signature files (tab "Update" -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, two log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

chris

12.10.2010, 14:19   #3
Frohbarsch



Hello, many thanks for the first relief measures.
I have just run Malwarebytes (took about 1 hour), and when I wanted to look at the log, an English fake message appeared saying that system files on my computer were "damaged" and I would be logged off shortly - whereupon the PC shut down. I had no chance to save the log file.
After that I ran a quick scan, which found 19 entries. (The full scan had found 20.)
I deleted the entries. Now when Windows starts there are 2 error messages saying it couldn't load certain modules. But the fake messages and porn pictures are gone. Below I'm posting the various log files (Malwarebytes quick scan only; I'm running another full scan now).
Thanks again!
Regards,
Zitterbarsch

Here are the logs:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4800

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.10.2010 15:20:32
mbam-log-2010-10-12 (15-20-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136868
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
C:\Users\J\AppData\Local\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.

Infizierte Speichermodule:
C:\Users\J\AppData\Local\dlfHCE.dll (Trojan.Hiloti) -> No action taken.
C:\Users\J\AppData\Roaming\Bitrix Security\kahvux.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pwiwurizevu (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msav (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\J\AppData\Local\dlfHCE.dll (Trojan.Hiloti) -> No action taken.
C:\Users\J\AppData\Local\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\J\AppData\Local\Temp\0.3038410166821255.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\J\AppData\Local\Temp\0.6427164970198376.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\J\AppData\Local\Temp\eapp32hst.dll (Trojan.FakeAV) -> No action taken.
C:\Users\J\AppData\Local\Temp\hSrPbRyMKG.exe (Trojan.Hiloti) -> No action taken.
C:\Users\J\AppData\Local\Temp\WINDOWS_SECURITY_CENTER.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\J\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\J\AppData\Roaming\Bitrix Security\kahvux.dll (Trojan.FakeAlert) -> No action taken.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 12.10.2010 15:31:31 - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,75 Gb Total Space | 23,65 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive D: | 139,61 Gb Total Space | 139,52 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 115,04 Gb Total Space | 114,94 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ZIPFI7 | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWow64\crypserv.exe File not found
PRC - C:\Users\J\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\mafwTray.exe (Avid Technology, Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\J\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_062a651.dll ()
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MAFW) -- C:\Windows\SysNative\drivers\mafw.sys (Avid Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 99 E5 77 D5 BA CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.16 19:13:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.16 19:13:10 | 000,000,000 | ---D | M]
 
[2010.02.19 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Extensions
[2010.10.11 15:23:01 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions
[2010.06.30 14:42:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.30 14:42:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.19 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\DTToolbar@toolbarnet.com
[2010.10.11 15:23:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 12:58:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.10 18:44:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 18:44:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.10 18:44:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.10 18:44:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.10 18:44:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.23 21:36:03 | 000,002,382 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com# Start of Entries made by A1C V1x0r's cs5 Activator 
O1 - Hosts: 0.0.0.0       localhost 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 12 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [MAFWTaskbarApp] C:\Windows\SysWOW64\mafwTray.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0577f540-1e40-11df-87ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0577f540-1e40-11df-87ee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.12 14:23:17 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2010.10.12 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Malwarebytes
[2010.10.12 14:13:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.12 14:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.12 14:13:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.12 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.12 14:12:18 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup.exe
[2010.10.12 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Bitrix Security
[2010.09.29 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\WinRAR
[2010.09.28 22:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2010.09.28 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010.09.28 18:33:33 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\eMule
[2010.09.28 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010.09.27 18:38:15 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\FIFA 11
[2010.09.27 17:44:28 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\Warzone 2100 2.3
[2010.09.27 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.09.24 20:25:11 | 000,000,000 | ---D | C] -- C:\Windows\Acronis
[2010.09.24 15:49:00 | 003,694,360 | ---- | C] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2010.09.22 01:31:37 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\EA Games
[2010.09.22 01:08:29 | 000,000,000 | ---D | C] -- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010.09.21 21:11:07 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Need for Speed World
[2010.09.21 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\Electronic_Arts_Inc
[2010.09.21 20:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.09.21 20:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.09.12 18:50:01 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\MyBackups
[2010.09.12 18:48:43 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Acronis
[2010.09.12 18:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.09.12 18:34:30 | 000,250,400 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.09.12 18:34:16 | 001,455,648 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010.09.12 18:34:14 | 000,929,312 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.09.12 18:33:56 | 000,276,576 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.09.12 18:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.09.12 18:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.12 15:32:51 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010.10.12 15:28:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 15:28:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 15:23:16 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.12 15:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 15:22:12 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 14:23:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2010.10.12 14:13:07 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.12 14:12:31 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup.exe
[2010.10.05 10:19:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.05 04:04:07 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.05 04:04:07 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.05 04:04:07 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.05 04:04:07 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.05 04:04:07 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.28 22:22:49 | 000,014,668 | ---- | M] () -- C:\Users\J\Documents\Homepage.xmind
[2010.09.28 17:35:38 | 000,000,161 | ---- | M] () -- C:\Windows\SysNative\autopart.opt
[2010.09.27 17:43:54 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.27 17:43:54 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.24 20:16:25 | 000,276,576 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.09.24 15:50:16 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.09.24 15:49:00 | 003,694,360 | ---- | M] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2010.09.12 18:34:30 | 000,250,400 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.09.12 18:34:16 | 001,455,648 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010.09.12 18:34:14 | 000,929,312 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.12 14:13:07 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 22:22:49 | 000,014,668 | ---- | C] () -- C:\Users\J\Documents\Homepage.xmind
[2010.09.24 20:25:11 | 000,000,161 | ---- | C] () -- C:\Windows\SysNative\autopart.opt
[2010.09.24 15:49:00 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.06.06 16:11:15 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.04.06 21:45:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.26 00:44:25 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2010.02.25 19:06:45 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010.02.22 23:16:32 | 000,007,610 | ---- | C] () -- C:\Users\J\AppData\Local\Resmon.ResmonCfg
[2010.02.20 20:09:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.02.20 20:09:18 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.02.20 20:09:09 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.02.20 20:09:09 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.02.20 19:53:44 | 000,022,518 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.02.20 19:51:44 | 000,016,324 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.20 05:45:38 | 000,000,061 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.02.20 05:45:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.12.17 02:16:18 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\UNDERFLW.DLL
[2009.12.17 01:50:41 | 000,011,910 | ---- | C] () -- C:\Windows\SysWow64\GENMIDI.DLL
[2009.12.17 01:50:41 | 000,011,910 | ---- | C] () -- C:\Windows\Genmidi.dll
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.12.01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >
OTL Extras Logfile:
OTL Extras logfile created on: 12.10.2010 15:31:31 - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,75 Gb Total Space | 23,65 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive D: | 139,61 Gb Total Space | 139,52 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 115,04 Gb Total Space | 114,94 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ZIPFI7 | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{61FCE7FA-FB84-649F-4075-61B8F194FCCD}" = ATI AVIVO64 Codecs
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}" = Star Wars X-Wing Alliance DE
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CA7D1914-153C-6FD9-4B80-9F5BF3B760E1}" = HydraVision
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Applied Accoustics String Studio VS 1 VST DX v1.0" = Applied Accoustics String Studio VS 1 VST DX v1.0
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Disk Doctors Undelete_is1" = Disk Doctors Undelete Version 1.0.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 2.1
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"FastStone Capture" = FastStone Capture 5.3
"Hurrican_is1" = Hurrican 1.0.0.4
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"JDownloader" = JDownloader
"LanTalk.NET_is1" = LanTalk.NET
"Live 8.0.1" = Live 8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Pro-52 v2.0-OxYGeN" = Native Instruments Pro-52 v2.0-OxYGeN
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars.net" = PokerStars.net
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Steinberg LM-4 VSTi v1.1" = Steinberg LM-4 VSTi v1.1
"SubDownloader2" = SubDownloader2
"TeamViewer 5" = TeamViewer 5
"TenomichiStreamer" = StreamMyGame software
"The Blocklist Manager_is1" = BLM 2.7.7
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"VueScan" = VueScan
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warzone 2100" = Warzone 2100
"WinRAR archiver" = WinRAR
"XMind" = XMind
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma's Revenge!1.0" = Zuma's Revenge!
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.4.1
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"TeamBeam WebStart" = TeamBeam WebStart
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2010 16:37:03 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.09.2010 16:38:32 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Adobe\adobe premiere pro cs4\MPEGHDVExport.exe".  Die abhängige Assemblierung
 "Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"" konnte nicht
 gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 01.10.2010 14:57:22 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\J\Downloads\SoftonicDownloader35529.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 02.10.2010 14:58:09 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:58:39 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 02.10.2010 14:59:08 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:59:22 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".  Die 
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:59:31 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 15:01:32 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Adobe\adobe premiere pro cs4\MPEGHDVExport.exe".  Die abhängige Assemblierung
 "Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"" konnte nicht
 gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 05.10.2010 04:28:55 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\J\Downloads\SoftonicDownloader35529.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 21.08.2010 09:32:18 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 21.08.2010 14:27:18 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 22.08.2010 14:07:09 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 23.08.2010 04:14:41 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 25.08.2010 18:37:53 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 15:21:13 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 19:50:40 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 20:47:31 | Computer Name = Zipfi7 | Source = DCOM | ID = 10010
Description = 
 
Error - 26.08.2010 21:08:03 | Computer Name = Zipfi7 | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 27.08.2010 07:58:51 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
 
< End of report >

Last edited by Frohbarsch (12.10.2010 at 14:45)
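The OTL reports above list every created or modified file as "[date | size | attributes | C/M] (company) -- path", with an empty "()" where the file carries no company name, and list alternate data streams separately. As an added example (not part of OTL or of this thread), the Python script below parses that format and flags what a helper would look at first: files without a company name created within the report's 30-day window in a Windows or Temp directory, and any alternate data stream. The sample log is constructed from lines of the same shape as the report; "sample_unsigned.tmp" is a made-up name, and the triage rules are this example's own assumptions.

```python
"""Triage helper for OTL file-list output (added example, not OTL code).
Parses the bracketed entries OTL prints under "Files Created"/"Files
Modified" plus "@Alternate Data Stream" lines and flags review candidates."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL entry:  [date time | size | attrs | C|M] (company) -- path
# "(company)" is absent for directories and an empty "()" when the file has
# no version information; company strings may themselves contain parentheses.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Scan time taken from the report header ("OTL Extras logfile created on: 12.10.2010 15:31:31").
REPORT_DATE = datetime(2010, 10, 12, 15, 31, 31)

# Constructed sample: lines shaped like the report above plus one made-up
# unsigned Temp file (sample_unsigned.tmp) so that the triage produces a hit.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010.10.12 14:13:07 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.06 16:11:15 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.09.12 18:34:30 | 000,250,400 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.09.27 17:43:54 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.22 01:08:29 | 000,000,000 | ---D | C] -- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010.10.11 23:40:00 | 000,024,576 | ---- | C] () -- C:\Users\J\AppData\Local\Temp\sample_unsigned.tmp
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
"""


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None = no version block at all, "" = empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def unsigned(self) -> bool:
        return not self.company


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


def in_watched_dir(path: str) -> bool:
    """Locations where a freshly created file without a company name deserves a look."""
    p = path.lower()
    return p.startswith("c:\\windows\\") or "\\appdata\\local\\temp\\" in p


def triage(log_text: str, report_date: datetime, max_age_days: int = 30) -> List[str]:
    """Paths to review first, in log order and without duplicates: recent
    unsigned files in watched directories (created entries only) and every
    alternate data stream.  Signed files, directories and old entries are skipped."""
    cutoff = report_date - timedelta(days=max_age_days)
    flagged: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            flagged.append(ads.group("path"))
            continue
        e = parse_entry(line)
        if e is None or e.is_dir or e.kind != "C":
            continue
        if e.unsigned and in_watched_dir(e.path) and e.timestamp >= cutoff:
            flagged.append(e.path)
    return list(dict.fromkeys(flagged))
```

With the 30-day default only the made-up Temp file and the ADS are reported; widening max_age_days pulls in the older unsigned Inetde.dll as well, which shows how the window drives the result.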

12.10.2010, 14:43   #4
Chris4You

TR/Dropper.Gen eapp32hst.dll


Hi,

Maybe try it in Safe Mode (F8 while booting)...
If it happens again, rename mbam.exe to test.com...

Is this a 64-bit system?

chris

12.10.2010, 14:53   #5
Frohbarsch

TR/Dropper.Gen eapp32hst.dll


Oh yes, I forgot to mention - it is a 64-bit system.
Overall it makes a better impression now - I no longer get any fake messages, and the dubious files in the Temp folder are deleted.

One question: when you download an infected file like this through something - does the trojan start right away, or is there also a kind of "incubation period"? The whole thing started suddenly yesterday, after I had downloaded two free games from Chip.de... But maybe it comes from somewhere else?


12.10.2010, 15:26   #6
Chris4You

TR/Dropper.Gen eapp32hst.dll


Hi,

Nomalerweise legt das Teil gleich los... max. (wenn Treiber installiert werden) bis zum nächsten Systemstart...

Java ist veraltet, updaten!
Download Java-Downloads für alle Betriebssysteme
Schliesse alle Programme auch Deinen Webbrowser
Über "Start -> Einstellungen -> Systemsteuerung -> Software
entferne alle älteren Versionen von Java Runtime Environment (JRE of J2SE)
Auch auf C:\Programme\Java entfernen!
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus die neue Version!


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the contents of the following code box completely into the OTL box under "Custom Scans/Fixes"

Code:
:OTL
PRC - C:\Windows\SysWow64\crypserv.exe File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

:Commands
[emptytemp]
[Reboot]
  • Click the red "Run Fix!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Otherwise it looks good...
No redirects etc.?

chris
__________________
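The entries Chris picked for the ":OTL" block above are the typical candidates a helper pulls out of an OTL scan by eye: a process entry whose image is gone (crypserv.exe), an orphaned protocol handler (O18 with "Reg Error"), SSODL entries with no backing CLSID or file (O21), and an NTFS alternate data stream under C:\ProgramData. The following Python script is an added example written for this page; it is not OTL, not Malwarebytes, and was not posted by anyone in the thread. It applies those same rules of thumb to OTL log lines, also reports hosts-file overrides and a disabled UAC (both visible in the log posted later in this thread), and renders only the mechanically fixable findings as an ":OTL" block of the shape used above. The sample lines are copied from the OTL log in this thread (plus one clean Avira line from the same log for contrast); the function names, the reason strings and the decision to keep hosts and policy entries out of the fix are the example's own choices, not OTL's.

```python
"""Triage OTL (OldTimer's List-It) log lines the way a helper does by hand.

Added example for this thread: it is not part of OTL or Malwarebytes and was
not posted by anyone in the thread. The classification rules, reason strings
and the choice of what counts as "mechanically fixable" are this example's own.
"""
import re
from typing import List, Optional, Tuple

# Sample input: lines copied from the OTL log posted in this thread, plus one
# clean Avira line (also from the log) to show what gets left alone.
SAMPLE_OTL_LINES = [
    "PRC - C:\\Windows\\SysWow64\\crypserv.exe File not found",
    "PRC - C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe (Avira GmbH)",
    "O1 - Hosts: 127.0.0.1                activate.adobe.com",
    "O1 - Hosts: 0.0.0.0       localhost ",
    "O4 - HKLM..\\Run: []  File not found",
    "O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0",
    "O18:64bit: - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found",
    "O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~2\\COMMON~1\\Skype\\SKYPE4~1.DLL (Skype Technologies)",
    "O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.",
    "O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.",
    "@Alternate Data Stream - 100 bytes -> C:\\ProgramData\\TEMP:ADF211B1",
]

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
MISSING_MARKERS = ("File not found", "Reg Error")
# Entry types whose "missing target" lines OTL can simply delete in an :OTL block.
FIXABLE_PREFIXES = ("PRC", "O4", "O18", "O21", "@Alternate Data Stream")


def classify(line: str) -> Optional[str]:
    """Return a one-line reason if an OTL log line deserves attention, else None."""
    text = line.strip()
    if text.startswith("@Alternate Data Stream"):
        return "NTFS alternate data stream on a system folder (payloads hide here)"
    match = HOSTS_RE.match(text)
    if match:
        ip, host = match.groups()
        if host.lower() == "localhost":
            return None                      # the one hosts entry that belongs there
        if ip in LOOPBACK:
            return f"hosts file blocks {host} (pointed at {ip})"
        return f"hosts file redirects {host} to {ip}"
    if text.startswith("O6 ") and text.endswith("EnableLUA = 0"):
        return "UAC switched off by policy (EnableLUA = 0)"
    if text.startswith(("PRC", "O4", "O18", "O21")) and any(m in text for m in MISSING_MARKERS):
        kind = text.split(" ", 1)[0].split(":", 1)[0]   # "O18:64bit:" -> "O18"
        return f"{kind} entry points at a file or CLSID that no longer exists"
    return None


def flag_otl_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Run classify() over a whole log and keep (reason, original line) pairs."""
    findings = []
    for line in lines:
        reason = classify(line)
        if reason:
            findings.append((reason, line.rstrip()))
    return findings


def to_otl_fix(findings: List[Tuple[str, str]]) -> str:
    """Render the mechanically fixable findings as an OTL ':OTL' fix block.

    Hosts and policy findings are reported but left out on purpose: in this
    thread the adobe.com hosts entries come from an activation crack, not from
    the trojan, and re-enabling UAC is the owner's decision, not a script's.
    """
    fix_lines = [line for _, line in findings if line.startswith(FIXABLE_PREFIXES)]
    return "\n".join([":OTL", *fix_lines, "", ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = flag_otl_lines(SAMPLE_OTL_LINES)
    for reason, line in found:
        print(f"[{reason}]\n    {line}")
    print("\n--- suggested fix block ---\n" + to_otl_fix(found))
```

Run it as-is and it prints eight findings for the sample lines and a six-line ":OTL" block; feed it a full OTL.txt (one line per list element) to get the same triage over a real scan. The hosts and EnableLUA findings are deliberately report-only, which is the point a practitioner should take from the thread's log: not every suspicious line belongs to the infection, and a fix script should only delete what you have actually attributed.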

12.10.2010, 18:15   #7
Frohbarsch



Hello Chris,
first of all, many thanks for the initial evaluation.
I have now run another full scan with Malwarebytes, which turned up another 5 (or rather 4) entries, which I cleaned up. That is also why I ran OTL again, since it got stuck on the fixes you sent me; apparently something had changed in the meantime.
So here are the latest logs from both programs again.
I will update Java right away as well.
Thanks again, it looks much better now!
Just one more question: do I still have to reinstall? I know you can never be careful enough, but do you think it is really necessary?
Oh, and one more thing: what do you mean by "redirects"?
Best regards,
Here are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4800

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.10.2010 17:17:34
mbam-log-2010-10-12 (17-17-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 338160
Time elapsed: 52 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJXMHF3M\5-direct[1].ex (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJXMHF3M\setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSBEBTNG\5-direct[1].ex (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\J\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSBEBTNG\setup[2].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\J\Desktop\Programme & Tools\hda_srv\hdl_dumb.exe (Trojan.Dropper) -> Not selected for removal.


-----------------------------------------OTL Logfile:
Code:
OTL logfile created on: 12.10.2010 19:05:51 - Run 3
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,75 Gb Total Space | 23,66 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive D: | 139,61 Gb Total Space | 139,52 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 115,04 Gb Total Space | 114,94 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ZIPFI7 | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWow64\crypserv.exe File not found
PRC - C:\Users\J\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\mafwTray.exe (Avid Technology, Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\J\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_062a651.dll ()
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MAFW) -- C:\Windows\SysNative\drivers\mafw.sys (Avid Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 99 E5 77 D5 BA CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.16 19:13:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.16 19:13:10 | 000,000,000 | ---D | M]
 
[2010.02.19 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Extensions
[2010.10.12 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions
[2010.06.30 14:42:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.30 14:42:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.19 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\6w5nqf3e.default\extensions\DTToolbar@toolbarnet.com
[2010.10.12 15:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 12:58:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.10 18:44:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 18:44:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.10 18:44:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.10 18:44:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.10 18:44:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.23 21:36:03 | 000,002,382 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com# Start of Entries made by A1C V1x0r's cs5 Activator 
O1 - Hosts: 0.0.0.0       localhost 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 12 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [MAFWTaskbarApp] C:\Windows\SysWOW64\mafwTray.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0577f540-1e40-11df-87ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0577f540-1e40-11df-87ee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.12 18:55:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.12 14:23:17 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2010.10.12 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Malwarebytes
[2010.10.12 14:13:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.12 14:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.12 14:13:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.12 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.12 14:12:18 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup.exe
[2010.10.12 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Bitrix Security
[2010.09.29 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\WinRAR
[2010.09.28 22:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2010.09.28 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010.09.28 18:33:33 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\eMule
[2010.09.28 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010.09.27 18:38:15 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\FIFA 11
[2010.09.27 17:44:28 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\Warzone 2100 2.3
[2010.09.27 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.09.24 20:25:11 | 000,000,000 | ---D | C] -- C:\Windows\Acronis
[2010.09.24 15:49:00 | 003,694,360 | ---- | C] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2010.09.22 01:31:37 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\EA Games
[2010.09.22 01:08:29 | 000,000,000 | ---D | C] -- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010.09.21 21:11:07 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Need for Speed World
[2010.09.21 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\Electronic_Arts_Inc
[2010.09.21 20:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.09.21 20:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.12 19:04:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 19:04:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 19:00:17 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.12 18:59:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 18:58:59 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 15:32:51 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010.10.12 14:23:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2010.10.12 14:13:07 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.12 14:12:31 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup.exe
[2010.10.05 10:19:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.05 04:04:07 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.05 04:04:07 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.05 04:04:07 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.05 04:04:07 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.05 04:04:07 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.28 22:22:49 | 000,014,668 | ---- | M] () -- C:\Users\J\Documents\Homepage.xmind
[2010.09.28 17:35:38 | 000,000,161 | ---- | M] () -- C:\Windows\SysNative\autopart.opt
[2010.09.27 17:43:54 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.27 17:43:54 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.24 20:16:25 | 000,276,576 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.09.24 15:50:16 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.09.24 15:49:00 | 003,694,360 | ---- | M] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.12 14:13:07 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 22:22:49 | 000,014,668 | ---- | C] () -- C:\Users\J\Documents\Homepage.xmind
[2010.09.24 20:25:11 | 000,000,161 | ---- | C] () -- C:\Windows\SysNative\autopart.opt
[2010.09.24 15:49:00 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.06.06 16:11:15 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.04.06 21:45:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.26 00:44:25 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2010.02.25 19:06:45 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010.02.22 23:16:32 | 000,007,610 | ---- | C] () -- C:\Users\J\AppData\Local\Resmon.ResmonCfg
[2010.02.20 20:09:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.02.20 20:09:18 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.02.20 20:09:09 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.02.20 20:09:09 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.02.20 19:53:44 | 000,022,518 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.02.20 19:51:44 | 000,016,324 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.20 05:45:38 | 000,000,061 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.02.20 05:45:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.12.17 02:16:18 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\UNDERFLW.DLL
[2009.12.17 01:50:41 | 000,011,910 | ---- | C] () -- C:\Windows\SysWow64\GENMIDI.DLL
[2009.12.17 01:50:41 | 000,011,910 | ---- | C] () -- C:\Windows\Genmidi.dll
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.12.01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >
----------------------------------------------OTL Logfile:
Code:
OTL Extras logfile created on: 12.10.2010 19:05:51 - Run 3
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,75 Gb Total Space | 23,66 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive D: | 139,61 Gb Total Space | 139,52 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 115,04 Gb Total Space | 114,94 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ZIPFI7 | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{61FCE7FA-FB84-649F-4075-61B8F194FCCD}" = ATI AVIVO64 Codecs
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}" = Star Wars X-Wing Alliance DE
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CA7D1914-153C-6FD9-4B80-9F5BF3B760E1}" = HydraVision
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Applied Accoustics String Studio VS 1 VST DX v1.0" = Applied Accoustics String Studio VS 1 VST DX v1.0
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Disk Doctors Undelete_is1" = Disk Doctors Undelete Version 1.0.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 2.1
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"FastStone Capture" = FastStone Capture 5.3
"Hurrican_is1" = Hurrican 1.0.0.4
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"JDownloader" = JDownloader
"LanTalk.NET_is1" = LanTalk.NET
"Live 8.0.1" = Live 8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Pro-52 v2.0-OxYGeN" = Native Instruments Pro-52 v2.0-OxYGeN
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars.net" = PokerStars.net
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Steinberg LM-4 VSTi v1.1" = Steinberg LM-4 VSTi v1.1
"SubDownloader2" = SubDownloader2
"TeamViewer 5" = TeamViewer 5
"TenomichiStreamer" = StreamMyGame software
"The Blocklist Manager_is1" = BLM 2.7.7
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"VueScan" = VueScan
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warzone 2100" = Warzone 2100
"WinRAR archiver" = WinRAR
"XMind" = XMind
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma's Revenge!1.0" = Zuma's Revenge!
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.4.1
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"TeamBeam WebStart" = TeamBeam WebStart
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2010 16:38:32 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Adobe\adobe premiere pro cs4\MPEGHDVExport.exe".  Die abhängige Assemblierung
 "Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"" konnte nicht
 gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 01.10.2010 14:57:22 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\J\Downloads\SoftonicDownloader35529.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 02.10.2010 14:58:09 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:58:39 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 02.10.2010 14:59:08 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:59:22 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".  Die 
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 14:59:31 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2010 15:01:32 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Adobe\adobe premiere pro cs4\MPEGHDVExport.exe".  Die abhängige Assemblierung
 "Plug-ins&#x5c;Common&#x5c;TSStrider,type="win32",version="1.0.0.0"" konnte nicht
 gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 05.10.2010 04:28:55 | Computer Name = Zipfi7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\J\Downloads\SoftonicDownloader35529.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 12.10.2010 12:56:32 | Computer Name = Zipfi7 | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.15.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13a0    Startzeit:
 01cb6a20a6479ead    Endzeit: 0    Anwendungspfad: C:\Users\J\Desktop\OTL.exe    Berichts-ID:
 a6fe4e36-d621-11df-8ebc-90e6ba885139  
 
[ System Events ]
Error - 21.08.2010 09:32:18 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 21.08.2010 14:27:18 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 22.08.2010 14:07:09 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 23.08.2010 04:14:41 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 25.08.2010 18:37:53 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 15:21:13 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 19:50:40 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 26.08.2010 20:47:31 | Computer Name = Zipfi7 | Source = DCOM | ID = 10010
Description = 
 
Error - 26.08.2010 21:08:03 | Computer Name = Zipfi7 | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 27.08.2010 07:58:51 | Computer Name = Zipfi7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
 
< End of report >
         
--- --- ---

Alt 13.10.2010, 11:12   #8
Chris4You
 
TR/Dropper.Gen eapp32hst.dll - Standard

TR/Dropper.Gen eapp32hst.dll



Hi,

that already looks much better, any remaining problems?

JAVA
Your Java software is outdated!
Download: Java downloads for all operating systems
Close all programs, including your web browser.
Via "Start -> Settings -> Control Panel -> Add or Remove Programs", remove all older versions of Java Runtime Environment (JRE or J2SE).
Also remove it from C:\Programme\Java!
After everything has been removed ---> restart the computer.
Now install the new version from the desktop!

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)
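The advice above is to find and remove every old Java Runtime Environment before installing the current one. The OTL Extras log lists installed software from the 64-bit and 32-bit (WOW6432Node) Uninstall hives, which is exactly where such leftovers show up (the log shows "Java(TM) 6 Update 18" and "Java Auto Updater" in the 32-bit hive). The following PowerShell script is an added example, not code from the thread or from OldTimer's OTL; it assumes a 64-bit Windows with PowerShell 2.0 or later, and the name pattern it matches on (`^Java|^J2SE`) is an assumption about how Sun/Oracle name their entries. It only reads the registry and the file system; it does not uninstall anything.

```powershell
# Added example (not part of the thread): inventory installed Java runtimes on 64-bit Windows
# by reading the same Uninstall hives that OTL's "Uninstall List" section reports, plus the
# current user's hive, so every old JRE/J2SE entry can be removed before the new one is installed.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',               # 64-bit entries
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit entries
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user entries
)

# Name pattern is an assumption: matches "Java(TM) 6 Update 18", "Java Auto Updater", "J2SE ..." etc.
$namePattern = '^Java|^J2SE'

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation, UninstallString, PSChildName |
    Sort-Object DisplayName

if ($javaEntries) {
    Write-Host "Java-related entries registered in Uninstall hives:"
    $javaEntries | Format-Table -AutoSize
} else {
    Write-Host "No Java-related Uninstall entries found."
}

# Directories an uninstaller can leave behind; the thread names C:\Programme\Java (German
# "Program Files"). Both the 64-bit and the 32-bit program directories are checked here.
$javaDirs = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java") |
    Where-Object { $_ -and (Test-Path -Path $_) }

foreach ($dir in $javaDirs) {
    Write-Host "Java directory still present: $dir"
    Get-ChildItem -Path $dir -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Write-Host ("  {0}  (last write {1})" -f $_.Name, $_.LastWriteTime) }
}
```

Run it once before uninstalling to get the full list (the PSChildName column is the product GUID, which matches the keys in the OTL Uninstall List), then again after the reboot: both the table and the directory check should come back empty except for the freshly installed version.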
