| |
| |||||||
Log-Analyse und Auswertung: 7 infizierte RegistrierungseinträgeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.01.2011, 05:01
| #1 |
| |  7 infizierte Registrierungseinträge Hallo, ich habe vor ein paar Tagen von einem "Kollegen" ein Programm geschickt bekommen. Vor der Installation habe ich das Setup mit Malwarebytes' Anti-Malware gecheckt. Es schien alles clean zu sein und somit klickte ich das Setup doppelt an. Nichts geschah. Nur der "Ladekreis" drehte sich einmal. Langsam dämmerte mir, dass ich es wohl mit einem gecrypteten Trojaner zu tun hatte, welchen MB' Anti-Malware nicht direkt entdecken konnte. Dummerweise habe ich nicht viel Ahnung von Viren & Co. Der einzige Unterschied, welcher mir seit besagter Infektion auffiel, ist, dass immer wenn ich "^^" oder "´´" drücke, die Zeichen sofort doppelt erscheinen. HijackThis habe ich eben drüber laufen lassen und die Auswertung wies 3 Elemente auf, welche durchaus schädlich sein könnten. Diese habe ich rot hinterlegt. Anschließend habe ich mich auf die Suche nach der als schädlich eingestuften "local.exe" gemacht und diese mit MB' Anti-Malware gescannt. Das Ergebnis ist unten zu sehen. Löschen lies sich die Datei natürlich nicht. Auch mit MB' Anti-Malware die 7 infizierten Einträge in Quarantäne zu verschieben und nach einem Neustart zu löschen hat nichts bewirkt. Die .exe erscheint einfach sofort neu. Eine Neuinstallation wäre mit viel Arbeit verbunden, da ich als Systemplatte eine SSD verwende und für die optimale Performance, Windows 7 erst auf eine normale HDD installieren und anschließend auf die SSD klonen müsste. Es wäre also schön, wenn es einen anderen Weg gäbe. HijackThis: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 04:39:10, on 07.01.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe D:\Programme\Daemon Tools Lite\DTLite.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe D:\Programme\iTunes\iTunesHelper.exe C:\Program Files (x86)\Opera\opera.exe D:\Programme\iTunes\iTunes.exe D:\Programme\Last.FM\Last.fm\LastFM.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe D:\Users\***\Desktop\Programme\HiJackThis 2.0.4.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe Reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HKLM] javaw.exe -jar "C:\Users\***\AppData\Local\Temp\dmpF28.tmp" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Microsoft] C:\Users\***\AppData\Roaming\local.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\Daemon Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe O4 - HKCU\..\Run: [HKLU] javaw.exe -jar "C:\Users\***\AppData\Local\Temp\dmpF28.tmp" O4 - HKCU\..\Run: [Microsoft] C:\Users\***\AppData\Roaming\local.exe O4 - HKLM\..\Policies\Explorer\Run: [Microsoft] C:\Users\***\AppData\Roaming\local.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DFEEA2-1FBA-427A-8639-668BFC4F78B0}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{E686FBA4-2E2C-4855-9035-0C70B85184B6}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Programme\XAMPP\xampp\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MySQL - MySQL AB - D:\Programme\XAMPP\xampp\mysql\bin\mysqld.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: maxdome Download Manager (Prosieben) - Entriq, Inc. - D:\Programme\Maxdome\DCBin\DCService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Programme\SiSoftware Sandra Professional Home 7.16\RpcAgentSrv.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14511 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5474
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07.01.2011 04:42:41
mbam-log-2011-01-07 (04-42-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{BFDDF3AC-FA7B-A3DB-74FC-A8CCD377C84D} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BFDDF3AC-FA7B-A3DB-74FC-A8CCD377C84D} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{BFDDF3AC-FA7B-A3DB-74FC-A8CCD377C84D} (Trojan.Agent) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft (Trojan.Agent) -> Value: Microsoft -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft (Trojan.Agent) -> Value: Microsoft -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft (Trojan.Agent) -> Value: Microsoft -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Hauke\AppData\Roaming\local.exe (Trojan.Agent) -> No action taken.
|
|
07.01.2011, 15:24
| #2 |
| /// Helfer-Team  |  7 infizierte Registrierungseinträge Hallo r00 und Willkommen am Trojaner Board!
__________________Um was für ein Programm handelte es sich denn dabei? Vorweg ein paar Hinweise (Bitte beachten!):
Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung: 1.) Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
__________________ |
|
07.01.2011, 17:49
| #3 |
| | 7 infizierte Registrierungseinträge Das Setup hieß lediglich "Facebook" und war mit dem Facebook-Logo versehen. Er meinte, es wäre ein lokaler Foto-Uploader für Facebook.
__________________Ich werde die Anleitung für die Reinigung befolgen. _______ *Edit: _______ Hier sind die Scan-Ergebnisse mit OTL. OTL.txt Code:
ATTFilter OTL logfile created on: 07.01.2011 17:51:44 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = D:\Users\Hauke\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 74,00% Memory free 12,00 Gb Paging File | 9,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): d:\pagefile.sys 4096 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,44 Gb Total Space | 42,88 Gb Free Space | 57,60% Space Free | Partition Type: NTFS Drive D: | 443,23 Gb Total Space | 248,35 Gb Free Space | 56,03% Space Free | Partition Type: NTFS Drive E: | 488,28 Gb Total Space | 415,09 Gb Free Space | 85,01% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 844,29 Gb Free Space | 90,64% Space Free | Partition Type: NTFS Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HAUKE | User Name: Hauke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.07 17:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hauke\Desktop\OTL.exe PRC - [2011.01.07 06:15:09 | 000,090,112 | ---- | M] () -- C:\Users\Hauke\AppData\Local\Temp\app1403800337123430295.exe PRC - [2010.12.15 16:55:46 | 000,944,496 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2010.12.13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- D:\Programme\iTunes\iTunes.exe PRC - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.10.27 20:21:54 | 001,155,072 | ---- | M] (Last.fm) -- D:\Programme\Last.FM\Last.fm\LastFM.exe PRC - [2010.10.16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.09.20 08:05:39 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.03 02:26:36 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.08.21 10:55:32 | 000,391,296 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.08.21 10:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010.08.20 16:00:22 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010.08.09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe PRC - [2010.05.07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe PRC - [2010.05.07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programme\Daemon Tools Lite\DTLite.exe PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- D:\Programme\XAMPP\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- D:\Programme\XAMPP\xampp\apache\bin\httpd.exe PRC - [2009.10.21 12:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- D:\Programme\Maxdome\DCBin\DCService.exe ========== Modules (SafeList) ========== MOD - [2011.01.07 17:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hauke\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.20 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll MOD - [2009.07.20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService) SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.25 22:03:12 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.09.22 15:34:32 | 000,457,944 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) SRV:64bit: - [2010.06.17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:64bit: - [2010.05.07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV:64bit: - [2010.03.25 22:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.22 01:53:12 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2010.11.06 04:19:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.20 08:05:39 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.03 02:26:36 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010.08.21 10:55:58 | 001,079,512 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- D:\Programme\XAMPP\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\Programme\XAMPP\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.08.10 12:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Programme\SiSoftware Sandra Professional Home 7.16\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- D:\Programme\Maxdome\DCBin\DCService.exe -- (Prosieben) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.11.10 02:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 200(UVC) DRV:64bit: - [2010.11.10 02:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.09.22 15:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) DRV:64bit: - [2010.09.04 22:46:28 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.09.03 02:26:38 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.09.03 02:26:33 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2010.09.03 02:26:31 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.09.03 02:26:27 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010.07.27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64) DRV:64bit: - [2010.06.23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.10.26 23:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.10.26 23:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.11.06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2010.09.02 23:29:35 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Programme\SiSoftware Sandra Professional Home 7.16\WNt500x64\sandra.sys -- (SANDRA) DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 2B 83 8D 2A 4A CB 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.12.16 13:24:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.12.21 09:31:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.12.17 08:54:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.12.12 18:12:09 | 000,000,000 | ---D | M] [2010.11.03 13:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions [2010.09.04 02:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.03 01:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ux2mtr8q.default\extensions [2011.01.03 01:28:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ux2mtr8q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.12.17 08:52:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ux2mtr8q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.21 09:32:00 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} O1 HOSTS File: ([2010.12.02 02:44:40 | 000,001,510 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HKLM] C:\Windows\SysWow64\javaw.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Microsoft] C:\Users\Hauke\AppData\Roaming\local.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Daemon Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKLU] C:\Windows\SysWow64\javaw.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Microsoft] C:\Users\Hauke\AppData\Roaming\local.exe () O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Microsoft = C:\Users\Hauke\AppData\Roaming\local.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - G:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - G:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{01dc4c58-b86e-11df-8997-6cf049ed800f}\Shell - "" = AutoRun O33 - MountPoints2\{01dc4c58-b86e-11df-8997-6cf049ed800f}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found O33 - MountPoints2\{dcf7fcca-b615-11df-ac17-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{dcf7fcca-b615-11df-ac17-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.07 17:49:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Hauke\Desktop\OTL.exe [2011.01.07 06:16:48 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{EE9F954C-3D47-4913-954C-838021F96AAC} [2011.01.06 18:58:12 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.01.06 18:58:06 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Dropbox [2011.01.06 18:05:28 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{4C331516-2D1E-4F41-A1E2-4A8EB7514166} [2011.01.06 06:05:06 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{5229E999-70FC-4E9C-A6CA-2C00165BCC98} [2011.01.05 03:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon [2011.01.04 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{0E9FDF74-4C4A-460D-82E8-20FFEE67E242} [2011.01.04 06:03:27 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{8315F7CA-98E8-4C65-B205-A13D0D3D2989} [2011.01.03 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{9B14397C-EC23-42FF-98BA-030B1CC68207} [2011.01.03 06:02:31 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{FA866CB9-FBE6-4E39-B6A5-A2D991CCE995} [2011.01.03 01:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2011.01.03 01:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB [2011.01.02 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{A0C45564-0054-4C66-A8EB-192F587EB42D} [2011.01.02 06:01:48 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B11A3DCC-2E51-4F02-9C1D-D3447ABD323B} [2011.01.01 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{3CF8EC35-7D91-4B48-A21B-701819E1580B} [2010.12.31 13:07:44 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{CC51E5E3-65EE-4F58-A129-EB65660597E6} [2010.12.31 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{F4D2EEDD-5FC0-480A-9006-D5259F85B481} [2010.12.30 13:06:48 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{16D63E6E-DF1A-4090-A352-C668B5D23367} [2010.12.30 01:06:26 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B7B2A0A9-60FB-4F61-9152-3C06C80C1C1A} [2010.12.29 13:05:51 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B1759B37-A6E6-4532-86CB-C61A2FEA23EE} [2010.12.29 01:05:29 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{F1BFC8A0-2D21-40DD-ABA0-34F187D5A7CE} [2010.12.28 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{D82ACD67-0263-45B7-9B3F-133ACABB6B31} [2010.12.28 01:04:46 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{1C893C13-88FF-4143-9B01-B64F099B8205} [2010.12.27 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{9E0035D3-C08B-4520-850B-C893916E0415} [2010.12.27 01:03:37 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{6968ECD2-4587-4190-A823-6D881DBFDC94} [2010.12.26 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{2A049325-628E-44D5-816A-616033408E99} [2010.12.26 01:02:41 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{8A1C7D0A-62A0-4A55-A4AD-37F4E2686B3F} [2010.12.25 13:02:04 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{C80BC278-8BD0-4932-A06D-84B74908410A} [2010.12.25 01:01:53 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{A922462E-915F-42E6-8668-D903FF5C9DF3} [2010.12.24 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{D5D8809A-D0D8-48B8-8D32-B83ED9C635FB} [2010.12.24 00:11:59 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{80ED9C31-02F7-4E5C-8775-9378EEBC4B4E} [2010.12.23 12:11:25 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{CA74CA60-BEC7-4CF2-AC87-BAF85ADB13A5} [2010.12.23 00:11:14 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{8CAD84F0-7BF7-478B-99F9-17F1E41DDA42} [2010.12.22 10:21:59 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{7561CFAD-9741-4CD4-B983-0FAF8A2AD08C} [2010.12.21 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{61F0E57D-A581-47D5-A08E-CF5BE97EF332} [2010.12.21 10:21:15 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{91F66E9F-ECC7-4C99-9935-D0823925BF9B} [2010.12.21 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\119614890735183092 [2010.12.21 08:55:38 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\119611678099645684 [2010.12.20 22:20:52 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{9BBE779A-7BF5-4D9B-8E0C-4301701367E5} [2010.12.20 15:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server [2010.12.20 10:00:48 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XAMPP for Windows [2010.12.20 09:33:04 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B7DCCEA4-E9F0-4C6E-BE3C-3ACF5A01B06F} [2010.12.19 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{CAF83CC1-A989-4C36-B12E-410227BCB684} [2010.12.19 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{C1E1AA58-4499-4BE6-9436-5E2E88FC67D8} [2010.12.18 21:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{38C36B08-6BB6-4A9C-88D5-52A0E1857168} [2010.12.18 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{2A705BA4-AA5C-42B3-B25F-36EC823B5CC0} [2010.12.17 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B805AA51-2D19-4318-BF12-B97B0C016957} [2010.12.17 18:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 2 [2010.12.17 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artisteer 2 [2010.12.17 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Artisteer [2010.12.17 10:07:25 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\AMD [2010.12.17 10:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.12.17 10:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte [2010.12.17 10:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2010.12.17 10:05:41 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys [2010.12.17 10:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2010.12.17 10:04:01 | 000,000,000 | ---D | C] -- C:\AMD [2010.12.17 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B86C4444-4DF7-4A92-B94D-C5BA58D12F19} [2010.12.17 09:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2010.12.17 09:06:00 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.17 09:06:00 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.17 09:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator [2010.12.17 09:02:50 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2010.12.17 09:02:50 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2010.12.17 09:02:50 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2010.12.17 09:02:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2010.12.17 09:02:49 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2010.12.17 09:02:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2010.12.17 09:02:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2010.12.17 09:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2010.12.17 08:52:11 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\DVDVideoSoft [2010.12.16 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{F6FF84B6-70EE-49A3-B32A-210C92D410B0} [2010.12.16 08:55:08 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{36940277-9C5D-4676-8900-237EAC2F1C01} [2010.12.15 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B510750D-319C-4AB9-9565-84336686D263} [2010.12.15 08:54:24 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{19E014E3-FE95-4B6E-A34E-6921E47D32E1} [2010.12.15 06:28:07 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 06:28:07 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 06:28:07 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 06:28:07 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 06:28:07 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 06:28:07 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 06:28:07 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.15 06:28:07 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 06:27:59 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 06:27:59 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 06:27:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 06:27:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 06:27:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 06:27:54 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 06:27:54 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 06:27:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 06:27:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 06:27:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 06:27:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 06:27:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 06:27:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 06:27:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 06:27:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 06:27:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 06:27:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 06:27:49 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 06:27:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 06:27:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 06:27:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.15 05:33:53 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\Vitalwerks [2010.12.15 05:33:25 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC [2010.12.15 05:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP [2010.12.14 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{1E1DF779-1A2F-4915-9365-415190DECAED} [2010.12.14 07:58:00 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{681F3B75-4EA9-49E1-9BB5-0392562D1975} [2010.12.13 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{F449038E-AD2F-442A-93D9-52335016818E} [2010.12.13 07:57:16 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{7B49223F-7928-45C5-87A8-8BAE6463FA7D} [2010.12.12 19:56:54 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{84E0350A-97B8-4505-A2C0-AE7C9EFF64C0} [2010.12.12 18:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2010.12.12 07:56:33 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{F5294ECB-2112-49B6-84C3-1C4ADE915F05} [2010.12.12 07:55:23 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B02FC2E1-2FB0-4922-9B6F-079A88A5A01E} [2010.12.11 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{597C6387-E033-4AC6-8E96-9C93395345FE} [2010.12.11 07:55:49 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{D62D132A-7084-41EE-94E9-C5B0585564BD} [2010.12.11 03:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.6.1 [2010.12.11 03:17:33 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll [2010.12.10 19:55:26 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{FD284FFC-BA58-404F-B044-54E39AC24D30} [2010.12.10 07:54:52 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{B701BCBC-D5F4-4785-B595-3E83D3EC9E88} [2010.12.09 19:54:42 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{57B8A1C6-8E88-4530-8975-6C283B8E59BB} [2010.12.09 06:22:22 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Local\{736870BF-06F7-4576-9C25-7D337DEE833B} [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.07 17:52:59 | 000,000,968 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\data.dat [2011.01.07 17:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hauke\Desktop\OTL.exe [2011.01.07 17:24:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.07 06:24:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.07 06:22:18 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.07 06:22:18 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.07 06:19:28 | 001,640,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.07 06:19:28 | 000,706,914 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.07 06:19:28 | 000,660,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.07 06:19:28 | 000,152,506 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.07 06:19:28 | 000,124,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.07 06:15:09 | 000,090,112 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\local.exe [2011.01.07 06:15:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2011.01.07 06:14:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.06 01:08:30 | 661,624,765 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.15 07:44:55 | 004,969,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.10 18:28:28 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.12.10 18:28:28 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.07 06:39:09 | 000,000,860 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\data.dat [2011.01.07 06:15:09 | 000,090,112 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\local.exe [2010.12.17 09:02:50 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010.12.11 03:17:33 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.11.24 06:49:21 | 000,144,384 | ---- | C] () -- C:\Windows\SysWow64\miccyhook.dll [2010.11.19 21:04:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.11.08 14:10:16 | 000,000,093 | ---- | C] () -- C:\Users\Hauke\AppData\Local\fusioncache.dat [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.08 06:09:26 | 001,666,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.14 02:45:50 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2010.09.14 02:22:45 | 012,890,112 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.07.09 20:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.10.18 05:50:14 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Acoustica [2010.09.03 02:29:16 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Acronis [2010.12.17 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Artisteer [2010.12.17 08:58:38 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Audacity [2010.09.05 00:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\DAEMON Tools Lite [2011.01.06 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Dropbox [2010.12.17 08:53:30 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\DVDVideoSoft [2010.12.17 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.20 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\FileZilla [2010.12.31 02:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\ICQ [2010.09.02 02:51:35 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Leadertech [2010.09.22 21:42:45 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Need for Speed World [2010.11.16 22:29:39 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Opera [2010.09.15 11:13:24 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Publish Providers [2010.09.15 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Sony [2010.10.18 05:54:25 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\SynthMaker [2010.10.06 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\TeamViewer [2010.09.13 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Thinstall [2010.09.04 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\Thunderbird [2010.10.17 04:52:11 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\TS3Client [2011.01.07 06:15:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.01.2011 17:51:44 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = D:\Users\Hauke\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 74,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): d:\pagefile.sys 4096 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,44 Gb Total Space | 42,88 Gb Free Space | 57,60% Space Free | Partition Type: NTFS
Drive D: | 443,23 Gb Total Space | 248,35 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 415,09 Gb Free Space | 85,01% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 844,29 Gb Free Space | 90,64% Space Free | Partition Type: NTFS
Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAUKE | User Name: Hauke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Hauke\AppData\Roaming\local.exe" = C:\Users\Hauke\AppData\Roaming\local.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app7881916780612718165.exe" = C:\Users\Hauke\AppData\Local\Temp\app7881916780612718165.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app4577953011121582631.exe" = C:\Users\Hauke\AppData\Local\Temp\app4577953011121582631.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app4529263923147121980.exe" = C:\Users\Hauke\AppData\Local\Temp\app4529263923147121980.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app1403800337123430295.exe" = C:\Users\Hauke\AppData\Local\Temp\app1403800337123430295.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Roaming\local.exe" = C:\Users\Hauke\AppData\Roaming\local.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app7881916780612718165.exe" = C:\Users\Hauke\AppData\Local\Temp\app7881916780612718165.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app4577953011121582631.exe" = C:\Users\Hauke\AppData\Local\Temp\app4577953011121582631.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app4529263923147121980.exe" = C:\Users\Hauke\AppData\Local\Temp\app4529263923147121980.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Hauke\AppData\Local\Temp\app1403800337123430295.exe" = C:\Users\Hauke\AppData\Local\Temp\app1403800337123430295.exe:*:Enabled:Windows Messanger -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{708DC396-5B5C-55FC-7019-BE7BB6787FB6}" = AMD Fuel
"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Profi Home 2010.SP2
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"cFosSpeed" = cFosSpeed v6.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3143 Banner Remover 1.0
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAB64AAE-81AF-4D35-9164-188AB2EC335B}" = Intel® Solid-State Drive Toolbox
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B5A79A5F-7E2B-49F6-9C01-A0BBBF807395}" = Dummy File Creator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"AC3Filter_is1" = AC3Filter 1.63b
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Artisteer 2" = Artisteer 2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.05
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.2
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mster" = Crysis Modification - Mster Config v3.01
"NoIPDUC" = No-IP DUC
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 12840" = DiRT 2
"Steam App 13140" = America's Army 3
"Steam App 30" = Day of Defeat
"Steam App 630" = Alien Swarm
"Steam App 80" = Counter-Strike: Condition Zero
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XiphQT" = Xiph QuickTime Components
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Dropbox" = Dropbox
"Google Translator" = Google Translator
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2011 23:29:15 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 504: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 06.01.2011 23:29:15 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 06.01.2011 23:29:15 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 07.01.2011 01:05:49 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 07.01.2011 01:05:49 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 07.01.2011 01:05:49 | Computer Name = Hauke | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 07.01.2011 07:53:20 | Computer Name = Hauke | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 07.01.2011 07:55:16 | Computer Name = Hauke | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 07.01.2011 12:45:59 | Computer Name = Hauke | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 1.1.5.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8c8 Startzeit:
01cbae32150f613c Endzeit: 10 Anwendungspfad: D:\Programme\VLC Media Player\VLC\vlc.exe
Berichts-ID:
98d2b697-1a7d-11e0-aa31-6cf049ed800f
Error - 07.01.2011 12:46:08 | Computer Name = Hauke | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 1.1.5.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f88 Startzeit:
01cbae8a5d69f1ce Endzeit: 5 Anwendungspfad: D:\Programme\VLC Media Player\VLC\vlc.exe
Berichts-ID:
9eb110b3-1a7d-11e0-aa31-6cf049ed800f
[ System Events ]
Error - 07.01.2011 01:11:19 | Computer Name = Hauke | Source = DCOM | ID = 10005
Description =
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = DCOM | ID = 10005
Description =
Error - 07.01.2011 01:11:19 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:19 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 07.01.2011 01:11:20 | Computer Name = Hauke | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Geändert von r00 (07.01.2011 um 17:57 Uhr) |
|
07.01.2011, 19:15
| #4 |
| | 7 infizierte Registrierungseinträge Ich habe noch eine Datei gefunden. Sie befindet sich ebenfalls im "Roaming" Ordner und nennt sich "data". Ich habe diese Datei mit dem Editor geöffnet und siehe da - Es wird alles aufgezeichnet, was ich eingebe. Ganz klar ein Keylogger. |
|
07.01.2011, 20:08
| #5 |
| /// Helfer-Team | 7 infizierte Registrierungseinträge Klar, da läuft grade so einiges bei dir. Aber warum die ganzen Adobe-Einträge in deiner Hostsdatei? O1 - Hosts: 127.0.0.1 activate.adobe.com
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte!  |
|
07.01.2011, 20:18
| #6 |
| | 7 infizierte Registrierungseinträge Keine Ahnung, was die da zu suchen haben. Ist das relevant für den Trojaner? |
|
07.01.2011, 20:28
| #7 |
| /// Helfer-Team | 7 infizierte Registrierungseinträge Nee, aber für die Bereinigung. Das weist auf Shareware hin (also Software, die Geld kostet), die man sich aber ohne Bezahlung nutzbar gemacht hat, wzb Adobes Photoshop. Und bei sowas gibts hier nur die Anleitung zum Neuaufsetzen.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
07.01.2011, 20:37
| #8 |
| | 7 infizierte Registrierungseinträge Wie ich bei meinem System das OS neu installiere und klone, weiß ich auch selber. Mir ging es um eine Bereinigung, da ich mich mit Viren & Trojanern nicht so gut auskenne. Der Rest bereitet mir keine Probleme. Wenn es das jetzt an dieser Stelle gewesen sein soll, nur weil da irgendwelche komischen Einträge in der "host", dann muss es wohl so sein. |
|
07.01.2011, 20:56
| #9 |
| /// Helfer-Team | 7 infizierte Registrierungseinträge Eine gute Begründung scheinst du ja nicht zu haben. Nur von alleine fliegen diese Einträge auch nicht in deine Hosts. Da du keine Anleitung nötig hast, bleibt mir nur noch dich auf folgenden Link für die Zukunft aufmerksam zu machen: Sicherheit im Internet
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
07.01.2011, 21:02
| #10 |
| | 7 infizierte Registrierungseinträge Das ist der erste Trojaner seit Jahren, den ich mir eingefangen habe. Ich bin mit den grundlegenden Maßnahmen durchaus vertraut. Naja, trotzdem danke für die Anteilnahme, auch wenn mir nicht geholfen wurde. |
|
| Themen zu 7 infizierte Registrierungseinträge |
| adobe, backdoor, bho, bonjour, browser, converter, crypted, desktop, excel, explorer, google, infizierte, installation, internet, internet explorer, langsam, local.exe, logfile, mp3, object, performance, plug-in, programm, senden, software, syswow64, trojan, trojaner, usb, usb 3.0, viren, windows |
Linear-Darstellung
