Pests of all kinds and how to fight them: Problem with Trojan tr crypt.epack.gen2 (Windows 7)
06.11.2010, 23:58 | #1
Problem with Trojan tr crypt.epack.gen2

Hello! I hope you can help me! I got a warning from Avira that a tr crypt.epack.gen2 trojan is hiding in my system, and I have already tried everything Avira offers: deny access - nothing, quarantine - nothing, delete - nothing... I have the feeling it only made everything worse. I no longer have access to certain files even though I am logged in as admin, and I keep getting the error message from rundll32.exe that I do not have permission to access them. For information: I have Vista 32-bit and Avira 9. Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5063
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

06.11.2010 23:50:48
mbam-log-2010-11-06 (23-50-48).txt

Scan type: Quick scan
Objects scanned: 161474
Time elapsed: 17 minute(s), 56 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 6
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 3

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\Windows\System32\drivers\98597511.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\99093622.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Help..
07.11.2010, 00:46 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Please do a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that, OTL:

System scan with OTL
Please download OTL from OldTimer and save it to your desktop
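An added example, not part of the thread and not the helper's procedure or OldTimer's code: a small Python triage script that applies, over the text of an OTL system-scan log, the same checks a helper makes by eye on the driver-service, Run-key and MountPoints2 sections, namely driver services whose .sys file is missing, drivers with no publisher string, Run entries started from user-writable paths, and AutoRun commands cached from removable media. The sample log lines are constructed in OTL's line format for this example; the `metropolis` Run entry and its path are hypothetical, and the machine-name heuristic is an assumption, not a rule OTL applies.

```python
"""Triage checks for an OTL (OldTimer's List-It) system-scan log.

Added example for this thread, not OldTimer's or Malwarebytes' code. It
mechanises the checks a helper makes by eye in the DRV, O4 and O33 sections:
  1. a driver service whose .sys is gone ("File not found"): usually the
     registry entry left after an AV quarantined the file; delete it too;
  2. a driver with an empty publisher "()", rated high when the service
     name looks machine-generated (digits only, or a letter/digit mix);
  3. a Run entry started from a user-writable path or without publisher;
  4. cached AutoRun commands from removable media (MountPoints2).
SAMPLE_LOG is constructed in OTL's line format; the Run entry is hypothetical.
"""
import re
from dataclasses import dataclass

DRV_RE = re.compile(
    r"^DRV - \((?P<svc>[^)]*)\)(?P<desc>.*?) -- (?P<path>.+?\.sys)\s*(?P<tail>.*)$", re.I)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<pub>[^)]*)\))?$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?: -- (?P<status>.+))?$")
# Heuristic only (assumption): digits-only, or 7-10 letters/digits with at least
# two digits, is the naming style of dropper-installed drivers (98597511, uti5ndy0).
MACHINE_NAME_RE = re.compile(r"^(?:\d{6,}|(?=(?:.*\d){2})[a-z0-9]{7,10})$", re.I)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users|Documents and Settings|Dokumente und Einstellungen)\\|\\Temp\\|\\ProgramData\\",
    re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    kind: str      # orphaned_driver | no_publisher_driver | run_key | autorun_mountpoint
    name: str
    path: str
    note: str


def check_driver(line):
    m = DRV_RE.match(line)
    if not m:
        return None
    svc, path, tail = m["svc"], m["path"], m["tail"].strip()
    if tail.lower().startswith("file not found"):
        return Finding("high", "orphaned_driver", svc, path,
                       "service key points at a missing .sys; delete the service entry")
    if tail.startswith("(") and tail.endswith(")") and not tail[1:-1].strip():
        sev = "high" if MACHINE_NAME_RE.match(svc) else "review"
        return Finding(sev, "no_publisher_driver", svc, path,
                       "kernel driver without version info; check signature and hash")
    return None


def check_run(line):
    m = RUN_RE.match(line)
    if not m:
        return None
    if USER_WRITABLE_RE.search(m["path"]) or not (m["pub"] or "").strip():
        return Finding("review", "run_key", m["name"], m["path"],
                       "autostart from a user-writable path or without publisher")
    return None


def check_mountpoint(line):
    m = MOUNT_RE.match(line)
    if not m:
        return None
    gone = " (target missing)" if m["status"] else ""
    return Finding("review", "autorun_mountpoint", m["key"], m["cmd"],
                   "AutoRun command cached from removable media" + gone)


CHECKS = (check_driver, check_run, check_mountpoint)


def triage(lines):
    """Apply every check to every line; the first check that fires wins."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            hit = check(line)
            if hit is not None:
                findings.append(hit)
                break
    return findings


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in OTL's format (the metropolis entry and path are hypothetical).
SAMPLE_LOG = r"""
DRV - (98597511) -- C:\Windows\System32\DRIVERS\98597511.sys File not found
DRV - (99093622) -- C:\Windows\System32\DRIVERS\99093622.sys File not found
DRV - (uti5ndy0) -- C:\Windows\System32\drivers\uti5ndy0.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [metropolis] C:\Users\user\AppData\Local\Temp\metropolis.exe ()
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for f in hits:
        print(f"[{f.severity:6}] {f.kind:20} {f.name:12} {f.path}  <- {f.note}")
    print(summarize(hits))
```

The "File not found" hits matter because MBAM quarantined the two Rootkit.Agent.H files but left their service keys behind; an orphaned service is harmless by itself, but it is the name a re-dropped file will reuse, so a helper has it removed. A publisher-less driver is not proof of anything (sptd from disc-emulation software legitimately shows "()"), which is why the script only raises severity when the name also looks generated.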
07.11.2010, 15:12 | #3
Problem with Trojan tr crypt.epack.gen2

So... here is the full scan:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5064
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

07.11.2010 10:25:36
mbam-log-2010-11-07 (10-25-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 382966
Time elapsed: 2 hour(s), 2 minute(s), 32 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 2

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\System Volume Information\SystemRestore\FRStaging\Users\Jenny\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

Here is the OTL log file:

Code:
OTL logfile created on: 07.11.2010 14:56:42 - Run 3
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 46,08 Gb Free Space | 20,69% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,12 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
Drive H: | 298,02 Gb Total Space | 162,72 Gb Free Space | 54,60% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)

========== Driver Services (SafeList) ==========

DRV - (WtSmpFlt) -- C:\Windows\System32\DRIVERS\wtsmpflt.sys File not found
DRV - (wtsmpadap) -- C:\Windows\System32\DRIVERS\wtsmpadap.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys File not found
DRV - (LVRS) -- C:\Windows\System32\DRIVERS\lvrs.sys File not found
DRV - (LVMVDrv) -- C:\Windows\System32\DRIVERS\LVMVDrv.sys File not found
DRV - (LVcKap) -- C:\Windows\System32\DRIVERS\LVcKap.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (99093622) -- C:\Windows\System32\DRIVERS\99093622.sys File not found
DRV - (98597511) -- C:\Windows\System32\DRIVERS\98597511.sys File not found
DRV - (uti5ndy0) -- C:\Windows\System32\drivers\uti5ndy0.sys ()
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (98597512) -- C:\Windows\system32\DRIVERS\98597512.sys (Kaspersky Lab)
DRV - (77506082) -- C:\Windows\system32\DRIVERS\77506082.sys (Kaspersky Lab)
DRV - (71022332) -- C:\Windows\system32\DRIVERS\71022332.sys (Kaspersky Lab)
DRV - (07598482) -- C:\Windows\system32\DRIVERS\07598482.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_05.11.2010_22-12drv) -- C:\Windows\System32\drivers\7750608.sys (Kaspersky Lab)
DRV - (99093621) -- C:\Windows\System32\drivers\99093621.sys (Kaspersky Lab)
DRV - (77506081) -- C:\Windows\System32\drivers\77506081.sys (Kaspersky Lab)
DRV - (71022331) -- C:\Windows\System32\drivers\71022331.sys (Kaspersky Lab)
DRV - (07598481) -- C:\Windows\System32\drivers\07598481.sys (Kaspersky Lab)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080702

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 8C 6F C2 F8 7D CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={947DCE2B-C81E-EE19-3397-AA1C3D2D8433}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 14:07:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.20 13:11:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.20 13:11:50 | 000,000,000 | ---D | M]

[2009.02.07 02:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.02.07 02:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.26 21:42:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j9cwjmtr.default\extensions
[2010.11.05 21:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j9cwjmtr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.05 21:23:52 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j9cwjmtr.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009.08.10 11:38:06 | 000,005,407 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\j9cwjmtr.default\searchplugins\fast-browser-search.xml
[2009.05.06 21:29:37 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\j9cwjmtr.default\searchplugins\live-search.xml
[2010.10.25 19:31:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.05 20:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.25 19:31:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.21 08:48:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.21 08:48:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.21 08:48:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.21 08:48:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.21 08:48:28 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\MediaConverter 2.5 for Philips\Stream Ripper\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.11.2010_22-12.lnk = C:\Users\***\Desktop\Virus Removal Tool4\setup_9.0.0.722_05.11.2010_22-12\startup.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Computer)
O15 - HKCU\..Trusted Ranges: GD ([http] in Computer)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1221907588 (Image Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1216076313 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\Shell\AutoRun\command - "" = F:\LEFT-DOWN-AUTORUN-2.EXE -- File not found
O33 - MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.06 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.06 23:06:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.06 23:06:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.06 23:06:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.06 23:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.06 22:45:01 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7750608.sys
[2010.11.06 22:45:01 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\77506081.sys
[2010.11.06 22:45:01 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\77506082.sys
[2010.11.06 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus Removal Tool4
[2010.11.06 22:13:17 | 000,311,312 | ---- | C] (Kaspersky Lab) -- 
C:\Windows\System32\drivers\9859751.sys [2010.11.06 22:13:17 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\98597512.sys [2010.11.06 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus Removal Tool3 [2010.11.06 22:04:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7102233.sys [2010.11.06 22:04:51 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\71022331.sys [2010.11.06 22:04:51 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\71022332.sys [2010.11.06 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus Removal Tool2 [2010.11.06 00:52:08 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\9909362.sys [2010.11.06 00:52:08 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\99093621.sys [2010.11.06 00:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus Removal Tool1 [2010.11.05 21:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.11.05 21:47:58 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\0759848.sys [2010.11.05 21:47:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\07598481.sys [2010.11.05 21:47:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\07598482.sys [2010.11.05 21:47:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus Removal Tool [2010.11.03 10:07:13 | 000,000,000 | ---D | C] -- C:\sj646 [2010.10.27 14:11:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 14:11:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.27 14:11:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.10.25 19:31:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.25 19:31:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2010.10.25 19:31:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.25 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Nero [2010.10.24 20:57:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd [2010.10.24 20:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.10.24 20:56:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LWS [2010.10.20 15:34:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\rsdownloads [2010.10.20 15:34:18 | 000,000,000 | ---D | C] -- C:\Programme\RSDownloader 2.3 [2010.10.20 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kikin [2010.10.20 15:20:41 | 000,000,000 | ---D | C] -- C:\Programme\kikin [2010.10.20 13:59:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\LimeWire [2010.10.20 13:56:40 | 000,000,000 | ---D | C] -- C:\Programme\LimeWire [2010.10.13 22:08:59 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.13 22:08:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.13 22:08:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.10.13 22:07:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.13 22:07:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.13 22:07:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.13 22:07:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.13 22:07:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.13 22:07:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.13 22:07:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.13 
22:07:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.13 22:07:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.13 22:07:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.13 22:07:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.13 22:07:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.13 22:07:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.13 22:07:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.13 22:07:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.13 22:07:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.13 22:07:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.13 22:07:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.13 22:07:18 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 22:07:18 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.13 22:07:11 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.13 22:07:10 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.13 22:07:09 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.12 22:09:36 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4 [2010.10.12 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogiShrd [2010.10.12 21:16:54 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.10.11 18:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard 
[2010.10.11 14:14:24 | 000,000,000 | ---D | C] -- C:\HP LJ1320 PCL6 Driver [2010.10.11 13:34:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vodafone [2010.10.11 13:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2010.10.11 13:33:39 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone [2010.10.11 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1} ========== Files - Modified Within 30 Days ========== [2010.11.07 14:52:12 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.11.07 14:17:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.07 13:40:33 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.07 13:22:17 | 000,181,433 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.07 13:22:17 | 000,181,433 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.07 13:19:22 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.07 13:19:22 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.07 13:19:22 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.07 13:19:22 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.07 13:18:01 | 000,023,552 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.07 13:12:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.07 13:12:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.07 13:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.07 13:12:11 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys [2010.11.07 10:29:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.06 23:06:47 | 000,000,820 | ---- | M] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.06 22:49:45 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\uti5ndy0.sys [2010.11.06 22:46:28 | 000,002,204 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.11.2010_22-12.lnk [2010.11.05 19:44:35 | 000,206,321 | ---- | M] () -- C:\Users\***\Documents\USB [2010.11.05 17:19:33 | 000,355,893 | ---- | M] () -- C:\Users\***\Documents\lp_gy_franz%F6sisch_2009.pdf [2010.11.05 17:17:42 | 000,365,730 | ---- | M] () -- C:\Users\***\Documents\lp_gy_deutsch_2009.pdf [2010.11.05 12:31:54 | 000,142,693 | ---- | M] () -- C:\Users\***\Ipa-chart-all-1000px.png [2010.11.03 00:28:42 | 000,000,138 | ---- | M] () -- C:\Users\***\AppData\Roaming\default.rss [2010.11.03 00:04:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.01 09:46:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null [2010.10.25 15:21:23 | 000,046,080 | ---- | M] () -- C:\Users\***\Only Hope.doc [2010.10.24 21:55:37 | 000,067,288 | ---- | M] () -- C:\Users\***\Handzettel_Umzugsbeihilfe.pdf [2010.10.24 15:01:43 | 000,107,405 | ---- | M] () -- C:\Users\***\1620184189-foxi-comic.9.jpg [2010.10.23 18:24:17 | 000,024,977 | ---- | M] () -- C:\Users\***\satzung_zweitwohnungssteuer.pdf [2010.10.23 18:24:12 | 000,085,623 | ---- | M] () -- C:\Users\***\Anmeldung.pdf [2010.10.23 18:24:06 | 000,074,724 | ---- | M] () -- C:\Users\***\Handzettel_Info_Zweitwohnungssteuer.pdf [2010.10.23 18:18:11 | 000,094,022 | ---- | M] () -- C:\Users\***\Wohngeldantrag_Mietzuschuss_und_Lastenzuschuss.pdf [2010.10.20 19:04:23 | 000,048,821 | ---- | M] () -- C:\Users\***\Documents\simyo rechnung september.pdf [2010.10.20 11:53:11 | 000,151,569 | ---- | M] () -- C:\Users\***\simyokündigung.docx [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 18:48:36 | 000,366,637 | ---- | M] () -- 
C:\Users\***\verbundtarif.pdf [2010.10.14 16:14:11 | 000,408,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.12 13:46:19 | 000,001,212 | ---- | M] () -- C:\Users\***\Documents\report.htm [2010.10.11 20:10:52 | 000,077,328 | ---- | M] () -- C:\Users\***\Documents\USB1 [2010.10.11 18:19:41 | 000,240,707 | ---- | M] () -- C:\Users\***\2010-10-11-1075613702_04-RG.pdf [2010.10.11 13:51:32 | 000,009,208 | ---- | M] () -- C:\Users\***\Kontoumsaetze_703_752653600_20101011_145102.pdf [2010.10.10 20:44:20 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$undenplan.docx ========== Files Created - No Company Name ========== [2010.11.06 23:06:47 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.06 22:07:28 | 000,002,204 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.11.2010_22-12.lnk [2010.11.06 11:26:32 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\uti5ndy0.sys [2010.11.05 20:14:08 | 000,010,891 | ---- | C] () -- C:\Users\***\hijackthis.log [2010.11.05 19:50:38 | 000,272,341 | ---- | C] () -- C:\Users\***\Setup.xml [2010.11.05 17:19:33 | 000,355,893 | ---- | C] () -- C:\Users\***\Documents\lp_gy_franz%F6sisch_2009.pdf [2010.11.05 17:17:42 | 000,365,730 | ---- | C] () -- C:\Users\***\Documents\lp_gy_deutsch_2009.pdf [2010.11.05 12:31:53 | 000,142,693 | ---- | C] () -- C:\Users\***\Ipa-chart-all-1000px.png [2010.11.03 23:26:59 | 000,023,552 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.25 15:21:22 | 000,046,080 | ---- | C] () -- C:\Users\***\Only Hope.doc [2010.10.24 21:55:37 | 000,067,288 | ---- | C] () -- C:\Users\***\Handzettel_Umzugsbeihilfe.pdf [2010.10.24 15:01:42 | 000,107,405 | ---- | C] () -- C:\Users\***\1620184189-foxi-comic.9.jpg [2010.10.23 18:24:17 | 000,024,977 | ---- | C] () -- C:\Users\***\satzung_zweitwohnungssteuer.pdf [2010.10.23 18:24:12 | 000,085,623 | ---- | C] () 
-- C:\Users\***\Anmeldung.pdf [2010.10.23 18:24:06 | 000,074,724 | ---- | C] () -- C:\Users\***\Handzettel_Info_Zweitwohnungssteuer.pdf [2010.10.23 18:18:11 | 000,094,022 | ---- | C] () -- C:\Users\***\Wohngeldantrag_Mietzuschuss_und_Lastenzuschuss.pdf [2010.10.20 19:04:23 | 000,048,821 | ---- | C] () -- C:\Users\***\Documents\simyo rechnung september.pdf [2010.10.20 11:53:11 | 000,151,569 | ---- | C] () -- C:\Users\***\simyokündigung.docx [2010.10.17 18:48:36 | 000,366,637 | ---- | C] () -- C:\Users\***\verbundtarif.pdf [2010.10.12 13:46:19 | 000,001,212 | ---- | C] () -- C:\Users\***\Documents\report.htm [2010.10.11 20:08:03 | 000,077,328 | ---- | C] () -- C:\Users\***\Documents\USB1 [2010.10.11 18:19:41 | 000,240,707 | ---- | C] () -- C:\Users\***\2010-10-11-1075613702_04-RG.pdf [2010.10.11 13:51:25 | 000,009,208 | ---- | C] () -- C:\Users\***\Kontoumsaetze_703_752653600_20101011_145102.pdf [2010.10.10 20:44:20 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$undenplan.docx [2010.10.08 18:00:58 | 000,206,321 | ---- | C] () -- C:\Users\***\Documents\USB [2010.10.04 21:14:50 | 000,000,138 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss [2010.09.19 21:27:39 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.07.27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.07.27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.07.27 06:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.31 12:16:10 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.03.03 18:23:31 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2010.02.23 10:50:31 | 000,168,292 | ---- | C] () -- C:\ProgramData\gui.log [2010.01.28 22:31:44 | 000,000,103 | ---- | 
C] () -- C:\Windows\cedt.INI [2010.01.24 18:17:39 | 002,340,746 | ---- | C] () -- C:\Programme\Setup.exe [2010.01.24 18:17:39 | 000,000,715 | ---- | C] () -- C:\Programme\README.txt [2010.01.24 18:17:39 | 000,000,050 | ---- | C] () -- C:\Programme\Autorun.inf [2010.01.09 23:32:09 | 000,000,544 | ---- | C] () -- C:\Users\***\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml [2010.01.09 22:38:34 | 000,000,025 | ---- | C] () -- C:\Users\***\AppData\Roaming\ClipGet-UpdatePerformed.txt [2010.01.09 22:38:19 | 000,000,234 | ---- | C] () -- C:\Users\***\AppData\Roaming\ClipGet-Activation.info [2010.01.09 22:25:58 | 000,000,993 | R--- | C] () -- C:\Windows\sam40.ini [2009.12.29 19:20:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.12.29 19:16:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.12.29 19:15:25 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.10.21 12:38:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.18 20:24:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.08.18 20:14:31 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.06.13 20:08:09 | 000,008,788 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.05.29 02:49:12 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll [2009.05.16 18:48:24 | 000,000,540 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2009.04.16 23:47:53 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.14 12:53:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.05 11:37:07 | 
000,181,433 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.07.05 11:19:34 | 000,181,433 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.01 15:29:35 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.08 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2010.05.05 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence [2010.06.02 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Composer [2010.11.07 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desktopicon [2010.06.23 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FT4u [2010.05.12 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2009.05.16 18:59:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2009.10.23 17:44:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Helios [2010.10.25 19:45:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin [2008.11.16 14:16:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.12.29 19:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2008.07.07 12:36:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket [2009.05.16 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Philips [2008.11.03 13:42:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2010.06.02 18:14:09 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Research In Motion [2010.06.12 11:55:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2009.10.02 23:06:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.10.11 13:34:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2010.11.07 10:29:11 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EA031481 < End of report > Code:
OTL Extras logfile created on: 07.11.2010 14:56:42 - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 46,08 Gb Free Space | 20,69% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,12 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
Drive H: | 298,02 Gb Total Space | 162,72 Gb Free Space | 54,60% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{022E7BEC-87E2-40AB-857D-BCB13D723DDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{11DC606E-1E92-438B-9C75-D797B7A2E05F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{254FD17D-5863-4A8B-B13D-D447866DCE09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{34B4D0A0-9035-4F0D-8848-4AC563934897}" = lport=2869 | protocol=6 | dir=in | app=system | "{4330A08A-8A08-44FA-9AAB-86974A0D817A}" = rport=2869 | protocol=6 | dir=out | app=system | "{753F1952-84C8-46E1-9B8F-B21132826AA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{86CDF347-FA6E-40AB-8E3C-C6D65E70B343}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{8750A43F-D5B5-497E-80DF-49DFC3EA7751}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A0C3B168-BBDE-4009-BB5F-E262C79D96E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CEB56707-974B-47C8-9362-421A9FF64340}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4B73BA3-E5FF-4866-8B88-32DB7B58A184}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F5BB23C4-AFC8-4C9F-877A-DCD42605BD54}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C66F6A-BF9F-40EE-BA6F-AD2DB6ED4143}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{0CAEE8D4-A95B-483B-8EB2-2FFC61D07599}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0CB9C369-3A14-4486-8C12-1F59DCF4B017}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{0D194112-0887-4033-A60B-C159040BCD9E}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe 
| "{10C2669F-4704-4861-B9EE-86A8E837492A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10FF01D0-B4D6-470A-8E4E-C781472E4AA8}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe | "{11E47B62-A53F-4A5E-B048-514806776B28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{11F6E7D4-C1FE-4D08-93AE-A076AC0C7840}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{148656FA-91BE-4444-B871-5AA3A7FE62AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{19D0DC2A-73C5-47D0-9F3C-008D9877ED54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{1D5597A6-6DA4-4BC8-A7A0-E73761143DCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{1E2EA504-0D25-4D6E-A5A7-5CC9125D7C85}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{1F92D4F6-DF6F-48A6-A8E3-24DD7062EFEE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1FFBF05C-DA53-4629-BE46-FE538B824D03}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{29CF9D6C-CB66-4369-9232-1E159A722E4A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{389003A1-9C93-4AB7-B6E0-203DDC71CBC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{39F2B4A6-CE1E-4D44-B6AC-E897F9151CAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{43D17B44-677B-43E2-BDFE-CB65CB75256E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{48EF5BE1-DFAB-45CF-9C18-73EFE50DD41A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{4A423266-8499-4933-BE46-14B9CD812513}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4CFD0F57-00BF-4878-9FE4-32F89FBA26B2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5365C6FA-9B8E-48DD-ADEB-9F78E20B0E34}" = 
protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{53D0FBCE-0A78-468A-B94B-E099B8718505}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{66EA2E66-49B1-4CD5-AA7F-BC58D3C5E30A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6BAB3620-C939-4DDB-9CEF-9A7C23BAA0C0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6C2C69CD-F22E-440B-8BAE-DED113DA0C8F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6D8945B6-88E0-4CE8-9B70-2024251FB44C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{703F9835-7205-44C9-AF6B-A42941DE0559}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7FC02CDB-0E8D-4DB2-8F48-3915DFDB885B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{8058373A-17CA-4D3E-AA4B-D8500160D55C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{87210791-E125-4669-B2D5-506A55D79F32}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{87A0878B-46ED-460A-8BC4-E8AECF4BD3F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8E6866EC-2566-429B-85CC-A7CE5B817EEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{93D97B5A-5F93-451A-8216-C4C76E65425E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9634EAEA-60AE-49A1-9E10-4E59D133EC92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{ABC3AC32-C4E8-4D83-9EBD-B4D711E40B65}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{AC75A154-778C-4E23-AFB3-F71DA38E20DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD0189F7-03AB-4F22-AB93-C4B42F140A0B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9F8DC02-36EB-4B3C-8D93-8FB8840332B5}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe | "{BC4E76EE-437B-4ABE-8A65-CB96F560CFDB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{C23A8E9C-A79A-4D5E-9D63-154E792E0976}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C2B61451-FF6F-49E5-8736-AA4AE324487A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{C7CF1B69-286D-46F2-9C2F-C90FF1D290AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CE885834-53FE-4853-835C-B1DF00F59B8B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{D0C4C673-8AC5-494D-B6CE-960FC231890D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D0FF4806-FCAF-4393-B610-BC6F188D714E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D2BC538A-E6A7-456C-BF74-30DFB7A35BE5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D3D863FA-E57A-43A2-94D3-355377A334BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{D615B118-FEF6-4E1B-96B1-E2BD116151B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D6EBBDB4-1EF0-4E48-92CA-3EC42F0619BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DB36898F-394F-4EFE-9FC8-28F5A7518161}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{DDF57D03-5172-4DD9-9B08-A18C27966ED1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DE24BA95-050B-4204-A11C-2E5EA047CD03}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E0B95B74-3A8E-419D-80C5-7DEF07D0D2DE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{E1049A83-4CA5-42AC-8411-46C400B3099D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E551F3F9-A4DC-41B0-828B-6D70C6A11C36}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E5E5C5C3-902C-4965-8409-EA622E1C7D0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{EE248A2B-F18F-4B5A-B0DC-09A65EF52FDE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{EFFD6E7B-D9BD-4910-8993-403CEDDA22B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F13D8FE1-C0FD-4CE5-ADEE-C146A2D27B8B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F1A4970C-00D8-43CB-9C57-BDFCBCFE81C1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F309D6DF-AF39-4006-AE86-133017108195}" = dir=in | app=e:\setup\hpznui01.exe | "{F6B9D004-2E29-4D78-885B-D2FF402333C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{FA2E8337-CE04-4E89-B8D2-8D2EB0840ACB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FABC1D44-2C1E-48B6-952B-DDB9FA5E556A}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe | "{FFB57E8C-36A2-46E6-9E54-ED1578365E38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "TCP Query User{3F43F74C-670A-4057-A135-38EEC91932D4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{51DF3F73-D32E-493E-83C1-FFEDF198B1A8}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{5BBEDDA2-C636-4CFF-A5EE-7FE57F6B57EE}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{739924FA-B40B-49E3-8EC0-774ACD88DF74}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{886FDB6A-AC1A-4430-8F73-8F9A87C84E74}C:\users\***\downloads\3544761d.exe" = protocol=6 
| dir=in | app=c:\users\***\downloads\3544761d.exe | "TCP Query User{898C5E92-33E9-4423-A7F8-977BB6A221D2}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{8E8626AF-500B-4E03-861E-28A2045C3579}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{ABE59578-EA8C-46FE-ACE0-19667D028273}C:\users\***\downloads\sims_2.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\sims_2.exe | "TCP Query User{AE81AFE0-1C29-4C55-B3CD-999F794C5B6B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{B8616D59-53DC-4608-B533-E9B6CE950DAB}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{B89F5072-FDDD-453F-BFA3-459BB2E28024}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B96F6B51-B6D4-4B60-B145-36A0A76ED0C6}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{C350137D-5EC6-43B6-AF01-D30289E108D2}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{D1CD320A-1F8D-4070-97A0-AAA7CCF3C468}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "TCP Query User{F4CEDB0C-3FF8-44E0-A362-9868B3E052FE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "TCP Query User{FC3CBF6B-70F8-42B8-BD4A-9D2CD8531B0F}C:\program files\zattoo\zattoo2.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo2.exe | "UDP Query 
User{00A99CCE-5D59-49F9-BBED-325E3575A749}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{02422498-AA01-4808-8031-6C1EA6910CB2}C:\program files\zattoo\zattoo2.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo2.exe | "UDP Query User{0C4CB6D0-439A-4B67-931E-EDFC53D36222}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{1191B3C2-A1D0-4625-ADD6-C141113C95C9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{1D9D65CF-2A22-48EA-B3C9-12C0AB35D5CB}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{1E67CDBE-F944-44A8-898E-679111218564}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{438291F4-35A6-49E6-B42A-94B2B5D489B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{46D13BF2-2A1A-49E5-939E-6AF27112A223}C:\users\***\downloads\sims_2.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\sims_2.exe | "UDP Query User{565B22D1-76A1-4EB5-9795-BF42C98E3FF0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{80EDF75C-964C-4924-A894-D0C7237F55AD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9FF6BBAE-0744-4469-9C8F-2B76F3071497}C:\users\***\downloads\3544761d.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\3544761d.exe | "UDP Query User{A748BFEB-1183-454A-9C93-138C3A746175}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony 
ericsson\update service\update service.exe | "UDP Query User{BB0EFABC-EE96-4C69-9CDB-4A867423146B}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{F1AC1A19-B553-447E-B9C6-320ED1CDD039}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F737274D-BFF7-4C9B-80EA-CF2CF376065D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{FC07FAAF-7677-4D0D-BC6D-06EED2389B8E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0812B697-3B0A-4392-B975-E415FC16C71E}" = HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0DD2DCC6-21AE-4678-8629-1084B17BE077}" = Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch) "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{143B33B7-458A-452A-8939-8B165B4B5067}" = Microsoft SQL Server 2008 Management Studio "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio 
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AA1CB3C-F146-4340-AF8C-E97845A22629}" = C5300 "{3AF2BD17-EBB9-4A24-BA08-F5F1B82853F6}" = Microsoft SQL Server 2008 Client Tools "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack 
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{695E67B6-8B95-4160-9650-92974980CDC1}" = Microsoft SQL Server 2008-Richtlinien "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{8064cfd2-becb-40a3-8d5e-a47e6348ae7b}" = Nero 9 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83C4CC25-EEFA-4E9F-A428-E1764266442E}" = PS_AIO_04_C5300_Software_Min "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed 
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = MediaConverter 2.5 for Philips "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 
(SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector 
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BBE9CD0-670A-4F15-AE17-5B1494D12A9E}" = CLR-Typen des SQL Server-Systems "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Adobe Flash Player ActiveX" = Adobe Flash Player 10 
ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Karte "Die Sims" = Die Sims "DivX Setup.divx.com" = DivX-Setup "Google Desktop" = Google Desktop "Google Updater" = Google Updater "MAGIX Music Maker Hip Hop Edition 3 D" = MAGIX Music Maker Hip Hop Edition 3 5.0.0.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "NVIDIA Drivers" = NVIDIA Drivers "PROR" = Microsoft Office Professional 2007 "rdfpa" = Favorit "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.04.2010 17:03:21 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18005, Zeitstempel 0x49e02592, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x764, Anwendungsstartzeit 01cae25ed3c90319. 
Error - 22.04.2010 17:05:09 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18005, Zeitstempel 0x49e02592, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0xb5c, Anwendungsstartzeit 01cae25f68eae629. Error - 25.04.2010 06:57:22 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 08:47:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 10:25:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 16:55:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 16:55:47 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 25.04.2010 16:55:48 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 25.04.2010 17:00:25 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 26.04.2010 08:43:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = [ Broadcom Wireless LAN Events ] Error - 01.06.2010 01:47:20 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 07:47:19, Tue, Jun 01, 10 Error - Unable to gain access to user store Error - 12.06.2010 06:05:08 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 12:05:07, Sat, Jun 12, 10 Error - Unable to gain access to user store Error - 22.06.2010 02:10:52 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 08:10:51, Tue, Jun 22, 10 Error - Unable to gain access to user store Error - 24.06.2010 10:30:31 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 16:30:31, Thu, Jun 24, 10 Error - Unable to gain access to user store Error - 24.06.2010 10:36:28 | Computer Name = ***-PC | Source = WLAN-Tray | ID = 0 Description = 16:36:28, Thu, Jun 
24, 10 Error - Unable to gain access to user store [ OSession Events ] Error - 20.10.2009 14:22:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16474 seconds with 6480 seconds of active time. This session ended with a crash. Error - 30.06.2010 16:58:22 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.10.2010 15:22:58 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2782 seconds with 60 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 21.08.2008 07:51:03 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 07:51:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.08.2008 13:35:52 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 21.08.2008 13:36:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > I hope I haven't forgotten anything now. Many thanks in advance for the kind help |
07.11.2010, 23:10 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Trojan tr crypt.epack.gen2 Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Note: if you have obscured your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (99093622) -- C:\Windows\System32\DRIVERS\99093622.sys File not found
DRV - (98597511) -- C:\Windows\System32\DRIVERS\98597511.sys File not found
DRV - (uti5ndy0) -- C:\Windows\System32\drivers\uti5ndy0.sys ()
DRV - (98597512) -- C:\Windows\system32\DRIVERS\98597512.sys (Kaspersky Lab)
DRV - (77506082) -- C:\Windows\system32\DRIVERS\77506082.sys (Kaspersky Lab)
DRV - (71022332) -- C:\Windows\system32\DRIVERS\71022332.sys (Kaspersky Lab)
DRV - (07598482) -- C:\Windows\system32\DRIVERS\07598482.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_05.11.2010_22-12drv) -- C:\Windows\System32\drivers\7750608.sys (Kaspersky Lab)
DRV - (99093621) -- C:\Windows\System32\drivers\99093621.sys (Kaspersky Lab)
DRV - (77506081) -- C:\Windows\System32\drivers\77506081.sys (Kaspersky Lab)
DRV - (71022331) -- C:\Windows\System32\drivers\71022331.sys (Kaspersky Lab)
DRV - (07598481) -- C:\Windows\System32\drivers\07598481.sys (Kaspersky Lab)
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\Shell\AutoRun\command - "" = F:\LEFT-DOWN-AUTORUN-2.EXE -- File not found
O33 - MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
[2010.11.06 22:45:01 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7750608.sys
[2010.11.06 22:45:01 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\77506081.sys
[2010.11.06 22:45:01 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\77506082.sys
[2010.11.06 22:13:17 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\9859751.sys
[2010.11.06 22:13:17 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\98597512.sys
[2010.11.06 22:04:51 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7102233.sys
[2010.11.06 22:04:51 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\71022331.sys
[2010.11.06 22:04:51 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\71022332.sys
[2010.11.06 00:52:08 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\9909362.sys
[2010.11.06 00:52:08 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\99093621.sys
[2010.11.05 21:47:58 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\0759848.sys
[2010.11.05 21:47:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\07598481.sys
[2010.11.05 21:47:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\07598482.sys
[2010.11.03 10:07:13 | 000,000,000 | ---D | C] -- C:\sj646
[2010.11.06 22:49:45 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\uti5ndy0.sys
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EA031481
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
08.11.2010, 17:39 | #5 |
| Problem with Trojan tr crypt.epack.gen2 Hello! I hope this is the right log, because after the restart I had to search around for a while... Code:
All processes killed
========== OTL ==========
Service BCM42RLY stopped successfully!
Service BCM42RLY deleted successfully!
File C:\Windows\System32\drivers\BCM42RLY.sys File not found not found.
Service 99093622 stopped successfully!
Service 99093622 deleted successfully!
File C:\Windows\System32\DRIVERS\99093622.sys File not found not found.
Service 98597511 stopped successfully!
Service 98597511 deleted successfully!
File C:\Windows\System32\DRIVERS\98597511.sys File not found not found.
Service uti5ndy0 stopped successfully!
Service uti5ndy0 deleted successfully!
C:\Windows\System32\drivers\uti5ndy0.sys moved successfully.
Error: Unable to stop service 98597512!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\98597512 deleted successfully.
C:\Windows\System32\drivers\98597512.sys moved successfully.
Error: Unable to stop service 77506082!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\77506082 deleted successfully.
C:\Windows\System32\drivers\77506082.sys moved successfully.
Error: Unable to stop service 71022332!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\71022332 deleted successfully.
C:\Windows\System32\drivers\71022332.sys moved successfully.
Error: Unable to stop service 07598482!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\07598482 deleted successfully.
C:\Windows\System32\drivers\07598482.sys moved successfully.
Error: Unable to stop service setup_9.0.0.722_05.11.2010_22-12drv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\setup_9.0.0.722_05.11.2010_22-12drv deleted successfully.
C:\Windows\System32\drivers\7750608.sys moved successfully.
Error: Unable to stop service 99093621!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\99093621 deleted successfully.
C:\Windows\System32\drivers\99093621.sys moved successfully.
Error: Unable to stop service 77506081!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\77506081 deleted successfully.
C:\Windows\System32\drivers\77506081.sys moved successfully.
Error: Unable to stop service 71022331!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\71022331 deleted successfully.
C:\Windows\System32\drivers\71022331.sys moved successfully.
Error: Unable to stop service 07598481!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\07598481 deleted successfully.
C:\Windows\System32\drivers\07598481.sys moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0858ccca-d557-11df-9e5d-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0858ccca-d557-11df-9e5d-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3856cf60-2063-11df-96fb-00ade1ac1c1a}\ not found.
File H:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3856cf63-2063-11df-96fb-001e101f7f74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3856cf63-2063-11df-96fb-001e101f7f74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3856cf63-2063-11df-96fb-001e101f7f74}\ not found.
File H:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c357368-c8ae-11de-9a43-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c357368-c8ae-11de-9a43-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c357368-c8ae-11de-9a43-001c2357f659}\ not found.
File F:\LEFT-DOWN-AUTORUN-2.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da92a9d-2060-11df-8670-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6da92a9d-2060-11df-8670-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da92a9d-2060-11df-8670-806e6f6e6963}\ not found.
File H:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da92b0d-2060-11df-8670-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6da92b0d-2060-11df-8670-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da92b0d-2060-11df-8670-001c2357f659}\ not found.
File H:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fc9-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fc9-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fc9-d532-11df-b35f-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fd7-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fd7-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fd7-d532-11df-b35f-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fd8-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85257fd8-d532-11df-b35f-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85257fd8-d532-11df-b35f-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f41d9c-d9f2-11df-afff-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f41d9c-d9f2-11df-afff-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f41d9c-d9f2-11df-afff-001c2357f659}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aad71efc-2b2e-11de-83a6-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aad71efc-2b2e-11de-83a6-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aad71efc-2b2e-11de-83a6-001c2357f659}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c28654b5-d2a1-11de-b0a9-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28654b5-d2a1-11de-b0a9-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c28654b5-d2a1-11de-b0a9-001c2357f659}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02c1c5e-d638-11df-8ed8-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d02c1c5e-d638-11df-8ed8-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02c1c5e-d638-11df-8ed8-001c2357f659}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02c1c60-d638-11df-8ed8-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d02c1c60-d638-11df-8ed8-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d02c1c60-d638-11df-8ed8-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d725d863-205e-11df-ad76-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d725d863-205e-11df-ad76-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d725d863-205e-11df-ad76-001c2357f659}\ not found.
File H:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2373949-d5f7-11df-b2b3-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2373949-d5f7-11df-b2b3-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2373949-d5f7-11df-b2b3-001c2357f659}\ not found.
File H:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e237394a-d5f7-11df-b2b3-001c2357f659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e237394a-d5f7-11df-b2b3-001c2357f659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e237394a-d5f7-11df-b2b3-001c2357f659}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Start.exe not found.
File C:\Windows\System32\drivers\7750608.sys not found.
File C:\Windows\System32\drivers\77506081.sys not found.
File C:\Windows\System32\drivers\77506082.sys not found.
C:\Windows\System32\drivers\9859751.sys moved successfully.
File C:\Windows\System32\drivers\98597512.sys not found.
C:\Windows\System32\drivers\7102233.sys moved successfully.
File C:\Windows\System32\drivers\71022331.sys not found.
File C:\Windows\System32\drivers\71022332.sys not found.
C:\Windows\System32\drivers\9909362.sys moved successfully.
File C:\Windows\System32\drivers\99093621.sys not found.
C:\Windows\System32\drivers\0759848.sys moved successfully.
File C:\Windows\System32\drivers\07598481.sys not found.
File C:\Windows\System32\drivers\07598482.sys not found.
C:\sj646\Media\Xtras folder moved successfully.
C:\sj646\Media folder moved successfully.
C:\sj646\German folder moved successfully.
C:\sj646 folder moved successfully.
File C:\Windows\System32\drivers\uti5ndy0.sys not found.
ADS C:\ProgramData\TEMP:EA031481 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: Jenny
->Temp folder emptied: 2002 bytes
->Java cache emptied: 52447134 bytes
->FireFox cache emptied: 44530716 bytes
->Flash cache emptied: 355421 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1572085792 bytes
RecycleBin emptied: 660442 bytes
Total Files Cleaned = 1.593,00 mb
OTL by OldTimer - Version 3.2.17.2 log created on 11082010_170854
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Kind regards |
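As an added example (not code from this thread and not part of OTL itself), here is a small Python triage script that parses an OTL fix script of the kind the helper posted above and the fix result log posted in this reply, then cross-checks that every target named in the script shows up as deleted or moved in the log. The line formats are taken from what is visible in the thread; the category names, the regular expressions and the sample lines (excerpted from the two posts and embedded as constructed input) are my own, and the script needs neither Windows nor OTL to run.

```python
import re

# Constructed sample: lines copied from the OTL fix script posted in this thread
# (raw string, because the Windows paths contain backslashes).
FIX_SCRIPT = r"""
:OTL
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (uti5ndy0) -- C:\Windows\System32\drivers\uti5ndy0.sys ()
DRV - (98597512) -- C:\Windows\system32\DRIVERS\98597512.sys (Kaspersky Lab)
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell - "" = AutoRun
O33 - MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
[2010.11.03 10:07:13 | 000,000,000 | ---D | C] -- C:\sj646
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EA031481
"""

# Constructed sample: the matching lines from the fix result log posted above.
FIX_LOG = r"""
Service BCM42RLY stopped successfully!
Service BCM42RLY deleted successfully!
File C:\Windows\System32\drivers\BCM42RLY.sys File not found not found.
Service uti5ndy0 deleted successfully!
C:\Windows\System32\drivers\uti5ndy0.sys moved successfully.
Error: Unable to stop service 98597512!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\98597512 deleted successfully.
C:\Windows\System32\drivers\98597512.sys moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0858ccca-d557-11df-9e5d-001c2357f659}\ deleted successfully.
File H:\setup_vmc_lite.exe not found.
C:\sj646 folder moved successfully.
ADS C:\ProgramData\TEMP:EA031481 deleted successfully.
"""

# Line formats as they appear in OTL output; the category names are my own.
DRV_RE = re.compile(r'^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?\.sys) (?P<vendor>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
                    r'(?P<cmd>.+?)(?P<missing> -- File not found)?$')
FILE_RE = re.compile(r'^\[[^\]]*\] (?:\([^)]*\) )?-- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')

LOG_PATTERNS = [  # order matters: the generic "moved"/"not found" forms come last
    ('stop_failed', re.compile(r'^Error: Unable to stop service (?P<what>.+)!$')),
    ('service_deleted', re.compile(r'^Service (?P<what>.+) deleted successfully!$')),
    ('registry_deleted', re.compile(r'^Registry key (?P<what>.+) deleted successfully\.$')),
    ('ads_deleted', re.compile(r'^ADS (?P<what>.+) deleted successfully\.$')),
    ('file_moved', re.compile(r'^(?P<what>.+?)(?: folder)? moved successfully\.$')),
    ('not_found', re.compile(r'^(?:File |Registry key )?(?P<what>.+) not found\.$')),
]

# What the vendor column of a DRV line tells you (OTL prints "()" when the
# binary has no vendor string, and "File not found" for an orphaned service).
VENDOR_NOTES = {'File not found': 'orphaned service entry, binary already gone',
                '()': 'binary carries no vendor string'}


def parse_fix_script(text):
    """Turn every removal line of an OTL fix script into (category, name, note)."""
    targets = []
    for line in text.splitlines():
        line = line.strip()
        if m := DRV_RE.match(line):
            note = VENDOR_NOTES.get(m['vendor'], 'vendor ' + m['vendor'].strip('()'))
            targets.append(('driver', m['name'], note))
        elif m := O33_RE.match(line):
            note = 'AutoRun command ' + m['cmd'] + (' (target missing)' if m['missing'] else '')
            targets.append(('autorun', m['key'], note))
        elif m := FILE_RE.match(line):
            targets.append(('file', m['path'], 'file or folder to move'))
        elif m := ADS_RE.match(line):
            targets.append(('ads', m['path'], m['size'] + '-byte alternate data stream'))
    return targets


def summarize_fix_log(text):
    """Group the result log's lines by outcome; each value is the named object."""
    outcomes = {category: [] for category, _ in LOG_PATTERNS}
    for line in text.splitlines():
        for category, pattern in LOG_PATTERNS:
            if m := pattern.match(line.strip()):
                outcomes[category].append(m['what'])
                break
    return outcomes


def unresolved(targets, outcomes):
    """Targets from the script that have no matching success line in the log."""
    removed = outcomes['service_deleted'] + outcomes['registry_deleted'] + outcomes['ads_deleted']
    left = []
    for category, name, _ in targets:
        if category == 'driver':      # service deleted, or its Services\<name> key deleted
            ok = any(w == name or w.endswith('\\' + name) for w in removed)
        elif category == 'autorun':   # the MountPoints2\<key> subtree is gone
            ok = any('MountPoints2\\' + name in w for w in removed)
        elif category == 'file':
            ok = name in outcomes['file_moved']
        else:
            ok = name in removed
        if not ok:
            left.append((category, name))
    return left


if __name__ == '__main__':
    targets = parse_fix_script(FIX_SCRIPT)
    outcomes = summarize_fix_log(FIX_LOG)
    for t in targets:
        print('%-8s %-45s %s' % t)
    print('could not stop:', outcomes['stop_failed'])
    print('unresolved:', unresolved(targets, outcomes))
```

Run as-is, it lists the classified targets, the services OTL could not stop (the log still shows their registry keys deleted and the driver files moved, so they are gone after the reboot the log announces), and any target with no matching success line. In the constructed excerpt the MountPoints2\H key never appears in the log, so it is reported as unresolved; that is exactly the kind of gap worth spotting before calling a fix complete.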
09.11.2010, 01:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Trojan tr crypt.epack.gen2 Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ --> Problem with Trojan tr crypt.epack.gen2 |
14.11.2010, 18:03 | #7 |
| Problem with Trojan tr crypt.epack.gen2 Hello! I have tried to install ComboFix, but it just won't work... I keep getting the message that I do not have sufficient permissions... Maybe someone has a tip? Thank you! |
14.11.2010, 19:12 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Trojan tr crypt.epack.gen2 Right-click on cofi => Run as administrator
__________________ Please always post log files in CODE tags |
14.11.2010, 19:31 | #9 |
| Problem with Trojan tr crypt.epack.gen2 I tried that, but unfortunately it doesn't work... I have uploaded the error message. I'm slowly getting desperate; maybe I should just reinstall the system... |
14.11.2010, 20:46 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Trojan tr crypt.epack.gen2 We'll try CF again later. For now, please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM, and please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |