|
Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen und JAVA/Small.Y fundWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.01.2011, 16:46 | #1 |
| TR/Crypt.XPACK.Gen und JAVA/Small.Y fund Hallo Leute, gestern hat der Antivirus zwei mal folgendes Gefunden: In der Datei 'C:\ProgramData\Adobe\Reader\9.2\ARM\BITB3B7.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. In der Datei 'C:\ProgramData\Adobe\Reader\9.2\ARM\BITB3B7.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Den hat der auch schon mal vor ner Woche oder so auch schon mal gehabt. Heut habe ich dann mal einen kompletten scan gemacht und hat dann auch noch das gefunden: Die Datei 'C:\Users\xxxxAppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\3055a4bc-3345425f' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Small.Y' [virus]. Beide habe ich zwar behoben aber ob die weg sind bin ich mir net sicher? Zur info hab ich hier noch einen HJT-Log von heut nach dem scan.HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:30:19, on 30.01.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Windows\starter4g.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\xxxxDownloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [starter4g] C:\Windows\starter4g.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [{5B8839F1-0233-B249-4C10-C91239564524}] C:\Users\xxxx\AppData\Roaming\Supive\udles.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O13 - Gopher Prefix: O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Common Files\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\XSManager\WTGService.exe O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe -- End of file - 10901 bytes Code:
ATTFilter OTL logfile created on: 30.01.2011 17:14:22 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\xxx\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,79 Gb Total Space | 188,95 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Computer Name: xxxx | User Name: xxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\NMSAccessU.exe () ========== Modules (SafeList) ========== MOD - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (NMSAccessU) -- C:\Program Files (x86)\Common Files\NMSAccessU.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.01 22:08:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.06 15:42:28 | 000,000,000 | ---D | M] [2010.03.13 11:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2011.01.29 19:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\4gpssz0b.default\extensions [2010.12.12 13:42:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\4gpssz0b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.09.21 19:14:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\4gpssz0b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.19 16:49:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\4gpssz0b.default\extensions\2020Player@2020Technologies.com [2011.01.29 00:33:15 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\4gpssz0b.default\extensions\max@subfighter.com [2011.01.29 16:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.05.07 14:06:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.16 13:27:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.29 16:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010.11.05 17:24:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.05 17:24:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.05 17:24:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.05 17:24:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.05 17:24:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.23 14:11:12 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] File not found O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [{5B8839F1-0233-B249-4C10-C91239564524}] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.148.102 217.237.151.115 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{322e3a28-db6e-11df-8273-00269ea162f2}\Shell - "" = AutoRun O33 - MountPoints2\{322e3a28-db6e-11df-8273-00269ea162f2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{79dcf3e7-b1fa-11df-83d1-00269ea162f2}\Shell - "" = AutoRun O33 - MountPoints2\{79dcf3e7-b1fa-11df-83d1-00269ea162f2}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{e167e733-2ed9-11df-850f-00269ea162f2}\Shell - "" = AutoRun O33 - MountPoints2\{e167e733-2ed9-11df-850f-00269ea162f2}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{e3ec7104-df85-11df-aabd-00269ea162f2}\Shell - "" = AutoRun O33 - MountPoints2\{e3ec7104-df85-11df-aabd-00269ea162f2}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{e708867b-173a-11e0-a42b-00269ea162f2}\Shell - "" = AutoRun O33 - MountPoints2\{e708867b-173a-11e0-a42b-00269ea162f2}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.30 17:13:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe [2011.01.29 16:00:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.01.29 16:00:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.01.29 16:00:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.01.12 19:19:13 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.01.12 19:19:13 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.01.12 19:19:13 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.01.12 19:19:13 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.01.12 19:19:13 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.01.12 19:19:13 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.01.12 19:19:12 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.01.12 19:19:11 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.01.12 19:19:11 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.01.12 19:19:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.01.12 19:19:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.01.12 19:19:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.01.12 19:19:10 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.01.12 19:19:10 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.01.12 19:19:10 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.01.12 19:19:10 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.01.12 19:19:10 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.01.12 19:19:09 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.01.12 19:19:09 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.12 19:19:09 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.01.12 19:19:09 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.01.12 19:19:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.01.12 19:19:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.01.12 19:19:09 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.01.12 19:19:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.01.12 19:19:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.12 19:19:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.01.12 17:36:07 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 17:36:07 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.11 12:40:32 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2011.01.03 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\DivX [2011.01.03 19:41:28 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Geckofx [2011.01.03 19:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.30 17:13:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe [2011.01.30 14:38:55 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.30 14:38:55 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.30 14:31:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.30 14:31:25 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2011.01.11 17:15:06 | 000,001,854 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\GhostObjGAFix.xml [2011.01.11 14:54:51 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.11 14:54:51 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.11 14:54:51 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.11 14:54:51 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.11 14:54:51 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.03 19:29:56 | 000,003,584 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.11 17:15:06 | 000,001,854 | ---- | C] () -- C:\Users\xxxxx\AppData\Roaming\GhostObjGAFix.xml [2011.01.03 19:29:56 | 000,003,584 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.11 10:59:44 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini [2010.03.16 18:03:31 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.13 11:32:09 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\wklnhst.dat [2010.03.13 11:00:27 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010.03.13 11:00:27 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\AppData\Local\QSwitch.txt [2010.03.13 11:00:27 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DSwitch.txt [2010.03.13 11:00:27 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\AppData\Local\AtStart.txt [2009.11.25 00:55:03 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009.11.25 00:54:54 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009.11.25 00:54:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009.11.25 00:54:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009.11.25 00:53:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2009.10.01 19:46:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2009.10.01 19:43:09 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2009.10.01 19:41:40 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2009.10.01 19:41:01 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files (x86)\Common Files\NMSAccessU.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:735F901AAE0B6D69 < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.01.2011 17:14:22 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\xxxx\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,79 Gb Total Space | 188,95 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F8597D20-ACC7-FD03-56FA-23894108BA06}" = ATI Catalyst Install Manager "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 23 "{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Setup.divx.com" = DivX-Setup "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 10" = Counter-Strike "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = CopyTrans Suite Remove Only ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.01.2011 14:43:53 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.01.2011 14:43:53 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2995 Error - 12.01.2011 14:43:53 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2995 Error - 12.01.2011 14:43:54 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.01.2011 14:43:54 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4024 Error - 12.01.2011 14:43:54 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4024 Error - 12.01.2011 14:43:55 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.01.2011 14:43:55 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5023 Error - 12.01.2011 14:43:55 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5023 Error - 12.01.2011 14:43:56 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ Hewlett-Packard Events ] Error - 06.06.2010 06:55:21 | Computer Name = xxxx-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. mscorlib bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HPAssistant.Pages.MaintainHistory.removeFailedRows() bei HPAssistant.Pages.MaintainHistory.loadActions() bei HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender, RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget) bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error - 02.08.2010 12:50:25 | Computer Name = xxxx-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 08.09.2010 06:22:48 | Computer Name = xxxx-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Configurator bei Configurator.ConfiguratorClass.loadXML() bei Configurator.ConfiguratorClass..ctor(Boolean loadxml) bei HPSFConfigReader.ConfigHelper..ctor() bei HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad) Error - 20.09.2010 12:54:45 | Computer Name = xxxx-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 22.11.2010 13:09:18 | Computer Name = xxxx-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() [ Media Center Events ] Error - 07.06.2010 14:38:08 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 20:38:06 - Fehler beim Herstellen der Internetverbindung. 20:38:06 - Serververbindung konnte nicht hergestellt werden.. Error - 09.06.2010 14:29:57 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 20:29:57 - Fehler beim Herstellen der Internetverbindung. 20:29:57 - Serververbindung konnte nicht hergestellt werden.. Error - 09.06.2010 14:30:07 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 20:30:03 - Fehler beim Herstellen der Internetverbindung. 20:30:03 - Serververbindung konnte nicht hergestellt werden.. Error - 09.06.2010 15:30:11 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 21:30:11 - Fehler beim Herstellen der Internetverbindung. 21:30:11 - Serververbindung konnte nicht hergestellt werden.. Error - 09.06.2010 15:30:17 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 21:30:16 - Fehler beim Herstellen der Internetverbindung. 21:30:16 - Serververbindung konnte nicht hergestellt werden.. Error - 11.06.2010 08:24:16 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 14:24:16 - Fehler beim Herstellen der Internetverbindung. 14:24:16 - Serververbindung konnte nicht hergestellt werden.. Error - 11.06.2010 08:24:50 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 14:24:45 - Fehler beim Herstellen der Internetverbindung. 14:24:45 - Serververbindung konnte nicht hergestellt werden.. Error - 18.06.2010 08:20:30 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 14:20:30 - Fehler beim Herstellen der Internetverbindung. 14:20:30 - Serververbindung konnte nicht hergestellt werden.. Error - 18.06.2010 08:21:07 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 14:21:00 - Fehler beim Herstellen der Internetverbindung. 14:21:00 - Serververbindung konnte nicht hergestellt werden.. Error - 16.07.2010 05:57:58 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0 Description = 11:57:54 - Fehler beim Herstellen der Internetverbindung. 11:57:54 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 16.10.2010 06:44:38 | Computer Name = xxxx-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB979687) Error - 16.10.2010 06:44:38 | Computer Name = xxxx-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB982132) Error - 20.10.2010 05:55:24 | Computer Name = xxxx-PC | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 22.10.2010 03:41:25 | Computer Name = xxxx-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 24.10.2010 06:55:07 | Computer Name = xxxx-PC | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.11 mit dem Computer mit der Netzwerkhardwareadresse 00-C0-A8-FF-9E-EA ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 24.10.2010 11:47:33 | Computer Name = xxxx-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 27.10.2010 20:08:48 | Computer Name = xxxx-PC | Source = DCOM | ID = 10010 Description = Error - 27.10.2010 20:09:39 | Computer Name = xxxx-PC | Source = DCOM | ID = 10010 Description = Error - 27.10.2010 20:09:39 | Computer Name = xxxx-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80080005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2388210) Error - 29.10.2010 12:11:36 | Computer Name = xxxx-PC | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. < End of report > Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5640 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 30.01.2011 17:39:34 mbam-log-2011-01-30 (17-39-34).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 156205 Laufzeit: 2 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5B8839F1-0233-B249-4C10-C91239564524} (Trojan.ZbotR.Gen) -> Value: {5B8839F1-0233-B249-4C10-C91239564524} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Geändert von Artjom (30.01.2011 um 17:40 Uhr) |
30.01.2011, 20:59 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen und JAVA/Small.Y fund Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________
__________________ |
30.01.2011, 21:29 | #3 |
| TR/Crypt.XPACK.Gen und JAVA/Small.Y fund nein der einzige ist das
__________________ |
30.01.2011, 21:36 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen und JAVA/Small.Y fundZitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
01.02.2011, 21:32 | #5 |
| TR/Crypt.XPACK.Gen und JAVA/Small.Y fund hi.. sorry für die verspätet Antwort. Hier der Log von heute, beim Vollscan hat der noch nen Trojaner gefunden :-( Zwei fragen hab ich noch: 1. Kann ich bei Malwarebytes im Register Quarantäne die zwei Trojaner die das Programm gefunden hat löschen? 2. Wenn ich die beiden gelöscht hab, wie kann ich sicher sein das die auch entgültig weg sind? Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5655 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 01.02.2011 21:25:25 mbam-log-2011-02-01 (21-25-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 294136 Laufzeit: 36 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\xxxx\Desktop\xxxx\Games\call of duty 4 - modern warfare\Keygen\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. |
01.02.2011, 21:36 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen und JAVA/Small.Y fundZitat:
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ --> TR/Crypt.XPACK.Gen und JAVA/Small.Y fund |
01.02.2011, 21:40 | #7 |
| TR/Crypt.XPACK.Gen und JAVA/Small.Y fund Toll da zieht man sich vom kumpel das game auf der lan und schon ist ein Virus mit oben ... |
01.02.2011, 21:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen und JAVA/Small.Y fund So ist es, aber mal ehrlich - dass Cracks/Keygen fast immer mit "Beilagen" versehen ist, sollte sich auch mittlerweile auch im allerletzten verwinkelten Winkeldorf rumgesprochen haben, oder ist das ein Geheimnis, dass sowas im Wesentlichen dazu dient Malware in den Umlauf zu bringen?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu TR/Crypt.XPACK.Gen und JAVA/Small.Y fund |
64-bit, adblock, adobe, alternate, antivir guard, antivirus, avg, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, desktop, explorer, firefox, hijack, hijackthis, home premium, ieframe.dll, install.exe, internet, internet explorer, ip-adresse, launch, location, media center, mozilla, neu, nicht gefunden, oldtimer, otl.exe, plug-in, programdata, programm, saver, scan, searchplugins, shell32.dll, software, sptd.sys, start menu, stick, syswow64, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', trojan, trojan.zbotr.gen, usbaapl64, vlc media player, wallpapers, webcheck, windows, wmp |