Pests of all kinds and how to fight them: PC slow, Explorer hangs and Firefox too (Windows 7)
18.02.2011, 18:01 | #1
Hi Trojaner Board! For a few days now my PC has somehow been slow, Explorer often hangs (e.g. every time after booting, the taskbar disappears for a few seconds) and Firefox takes extremely long to load a page. I searched here in the forum, downloaded Malwarebytes and ran it; the program did find something and I deleted it, but the problems still aren't gone. After the quick scan I also ran a full scan and found one more infected file, which I deleted as well, but that didn't help either. An Antivir scan found nothing, although I ran Antivir before Malwarebytes. Below is the HijackThis log. Please help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:48, on 18.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\jonas\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Restree] C:\Users\***\AppData\Roaming\Txtole\dephelp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: phase-6 Reminder.lnk = C:\Program Files\phase-6\phase-6\reminder\reminder.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

--
End of file - 6970 bytes
18.02.2011, 18:06 | #2
/// Malware-holic

Post the Malwarebytes logs; you will find them under the "Logdateien" tab.

Please, no more HijackThis logs in the future!

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and choose "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
18.02.2011, 19:38 | #3
Hi Markus, thanks for the quick reply.

I won't post any more HijackThis logs in the future. OTL is running right now; in the meantime, here are the three Malwarebytes logs. After each log I deleted the items it found.

_________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5784

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

17.02.2011 17:21:37
mbam-log-2011-02-17 (17-21-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160655
Laufzeit: 6 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{94D9469C-C177-B249-A077-9B3FEF9C1709} (Spyware.Passwords.XGen) -> Value: {94D9469C-C177-B249-A077-9B3FEF9C1709} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Value: userinit -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sdfjaidhuw.exe (Trojan.SpyEyes) -> Value: sdfjaidhuw.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\sdfjaidhuw.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Roaming\Ygom\mauha.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\igxpgd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5b57cf47-0bfa-43c6-acf9-3b3653dcadba}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{783af354-b514-42d6-970e-3e8bf0a5279c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\sdfjaidhuw.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

_________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5784

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

17.02.2011 20:50:50
mbam-log-2011-02-17 (20-50-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 435841
Laufzeit: 3 Stunde(n), 13 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{94D9469C-C177-B249-A077-9B3FEF9C1709} (Trojan.ZbotR.Gen) -> Value: {94D9469C-C177-B249-A077-9B3FEF9C1709} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Giant\lego star wars game\detectgpu.exe (Trojan.Packer.Gen) -> Not selected for removal.
c:\program files\Ubisoft\blue byte\die siedler - das erbe der könige\bin\pztrain.exe (Trojan.Dropper) -> Not selected for removal.
c:\Users\***\Desktop\setups\winziger shooter\pno0001.exe (Malware.Packer) -> Not selected for removal.
c:\Users\***\downloads\jokeprogramme2\pcschock.exe (PUP.Joke.Schock) -> Not selected for removal.
c:\Users\***\downloads\jokeprogramme2\stress reducers.exe (Joke.Stressreducer) -> Not selected for removal.
c:\Users\***\downloads\jokeprogramme2\viagra.exe (Joke.VV) -> Not selected for removal.

_________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5784

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.02.2011 17:38:17
mbam-log-2011-02-18 (17-38-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160292
Laufzeit: 25 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Last edited by haffi36 (18.02.2011 at 19:43)
18.02.2011, 19:52 | #4
/// Malware-holic

OK, no problem :-)

Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
18.02.2011, 20:26 | #5
So, here are the two OTL logs:

OTL Logfile:
Code:
OTL logfile created on: 18.02.2011 19:52:58 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 646,72 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,90 Gb Free Space | 49,55% Space Free | Partition Type: FAT32

Computer Name: FRODO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Jojo\Arschloch3D\Arschloch3D.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (LVUVC) Logitech QuickCam 3000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://de.mg41.mail.yahoo.com/dc/launch?.gx=0&.rand=340p196mhik2i|hxxp://www.css-lernen.net/|hxxp://www.schuelervz.net/Default|hxxp://www.google.de/imgres?imgurl=hxxp://www.der-feine-tisch.de/images/1_32__24800_03.jpg&imgrefurl=hxxp://www.der-feine-tisch.de/seltmann-weiden-dorothea-china-blau-c-88_581.html&h=500&w=500&sz=47&tbnid=IdlcJlDxvJWQmM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__adLCYanE2KrO8PPTsS2Hp5A-QoA=&sa=X&ei=4XUPTeGbJYKPswbSrOX_DA&ved=0CD8Q9QEwAw|hxxp://www.google.de/imgres?imgurl=hxxp://www.porzellantreff.de/isroot/steinkamp/webimages/stimmungsbilder/SeltDorotheablau/2_gr.jpg&imgrefurl=hxxp://www.porzellantreff.de/Seltmann-Weiden-Dorothea-China-Blau-c5615.html&h=500&w=500&sz=39&tbnid=iojSyVO2lPKeBM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__10CCXA7b0MvGmOWjUTDMT9_Gbnk=&sa=X&ei=YnYPTca3N830sgb77vj4DA&ved=0CD8Q9QEwBQ|http://www.trojaner-board.de/51187-a...uerzt-ab.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {047CDD12-6202-47E9-B831-8A867BCCA3E6}:1.9.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 17:04:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 18:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 18:46:14 | 000,000,000 | ---D | M]

[2009.04.23 19:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.04.23 19:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.02.18 16:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions
[2010.08.19 14:48:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.10 16:49:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.02.08 23:15:13 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.12.24 00:14:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.19 14:48:23 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.12.11 14:44:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.02.08 23:15:12 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\firebug@software.joehewitt.com
[2010.09.18 20:39:14 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\personas@christopher.beard
[2009.09.25 19:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.14 18:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.10.13 11:33:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{047CDD12-6202-47E9-B831-8A867BCCA3E6}
[2010.12.14 18:46:12 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010.12.14 18:46:12 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2010.12.14 18:46:13 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006.10.26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2010.03.12 21:18:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 21:18:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.12 21:18:31 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.03.12 21:18:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.12 21:18:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.12 21:18:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS
File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [Restree] C:\Users\***\AppData\Roaming\Txtole\dephelp.exe () O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT 
= 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft 
Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not 
found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.18 19:23:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\jonas\Desktop\OTL.exe [2011.02.17 17:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.17 17:11:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.17 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.17 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.17 17:11:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.17 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.02.13 17:38:42 | 000,000,000 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2011.02.12 22:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Txtole [2011.02.10 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Arbeitstitel Biology_data [2011.02.09 20:49:02 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 20:48:59 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 20:48:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 20:48:48 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.09 20:48:48 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.09 20:48:48 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.02.09 20:48:47 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.09 20:48:47 | 
000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.09 20:48:47 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.09 20:48:47 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.09 20:48:47 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.09 20:48:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.09 20:48:46 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.09 20:48:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.09 20:48:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.09 20:48:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.09 20:48:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.09 20:48:45 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.09 20:48:45 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.09 20:48:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.09 20:48:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.09 20:48:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.09 20:48:44 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.09 20:48:43 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.09 20:48:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.09 20:48:41 | 000,098,816 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\mfps.dll [2011.02.09 20:48:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.09 20:48:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.02.09 20:48:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 20:48:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 20:48:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 20:48:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.02.09 20:48:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 20:48:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.02.09 20:48:02 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 20:48:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.08 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\3DFA [2011.02.08 15:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\3DFA [2011.02.08 15:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Flash Animator 4.9.8.7 [2011.02.08 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\3D Flash Animator 4.9.8.7 [2011.02.07 16:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\scream [2011.02.06 21:36:44 | 000,000,472 | ---- | C] () -- C:\Users\***\.lmmsrc.xml [2011.02.05 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\dino.to [2011.01.25 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.6 [2011.01.25 21:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\LMMS 0.4.6 [2010.10.13 11:33:45 | 000,000,120 | ---- | C] () -- 
C:\Users\***\AppData\Local\Oxorigatagacuti.dat [2010.10.13 11:33:45 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Kseke.bin [2010.10.13 11:30:50 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\googleupdate.log [2010.07.21 15:43:54 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.03.02 16:52:15 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2009.05.10 11:57:46 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.03.26 18:32:16 | 002,416,742 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2009.03.26 17:03:58 | 000,184,320 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.26 16:20:38 | 000,109,968 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini ========== Files - Modified Within 30 Days ========== [2011.02.18 19:54:59 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2011.02.18 19:23:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\jonas\Desktop\OTL.exe [2011.02.18 18:43:29 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 18:43:29 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 17:36:02 | 000,003,758 | ---- | M] () -- C:\Users\***\Desktop\Accounts.kdbx [2011.02.18 16:48:31 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.18 16:48:31 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.18 16:48:31 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.18 16:48:31 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.18 16:45:06 | 000,000,056 | -H-- | M] () -- 
C:\ProgramData\ezsidmv.dat [2011.02.18 16:43:58 | 000,071,173 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.18 16:43:58 | 000,071,173 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.18 16:43:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 16:43:23 | 3485,671,424 | -HS- | M] () -- C:\hiberfil.sys [2011.02.17 16:35:31 | 000,095,232 | ---- | M] () -- C:\Users\***\Desktop\Overpopulation.doc [2011.02.14 20:23:39 | 000,011,009 | ---- | M] () -- C:\Users\***\Desktop\Rewe Bewerbung.docx [2011.02.14 18:19:56 | 000,184,320 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.11 16:37:06 | 000,383,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.10 20:08:39 | 000,001,501 | ---- | M] () -- C:\Users\***\Desktop\Arbeitstitel Biology.aup [2011.02.10 15:42:05 | 000,010,257 | ---- | M] () -- C:\Users\***\Desktop\Zeiten für Jugend.docx [2011.02.08 18:28:01 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.02.08 15:56:50 | 000,000,819 | ---- | M] () -- C:\Users\***\Desktop\3D Flash Animator 4.9.8.7.lnk [2011.02.07 20:14:17 | 000,011,213 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung Ferienspiele.docx [2011.02.07 20:08:31 | 000,011,556 | ---- | M] () -- C:\Users\***\Desktop\Lebenslauf.docx [2011.02.07 17:32:56 | 000,012,518 | ---- | M] () -- C:\Users\***\Desktop\Ein gutes Gesangsmikrofon ist vorzugsweise ein Kondensator Mikrofon.docx [2011.02.06 21:36:44 | 000,000,472 | ---- | M] () -- C:\Users\***\.lmmsrc.xml [2011.02.04 22:10:26 | 000,010,640 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg [2011.02.04 22:10:26 | 000,002,625 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2011.01.25 22:26:26 | 000,002,205 | ---- | M] () -- C:\Users\***\Desktop\versuch.mmpz [2011.01.25 21:58:24 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Linux MultiMedia Studio.lnk [2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\dxgi.dll [2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll 
[2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

========== Files Created - No Company Name ==========

[2011.02.17 16:35:29 | 000,095,232 | ---- | C] () -- C:\Users\***\Desktop\Overpopulation.doc
[2011.02.14 20:23:31 | 000,011,009 | ---- | C] () -- C:\Users\***\Desktop\Rewe Bewerbung.docx
[2011.02.10 20:08:39 | 000,001,501 | ---- | C] () -- C:\Users\***\Desktop\Arbeitstitel Biology.aup
[2011.02.08 15:56:50 | 000,000,819 | ---- | C] () -- C:\Users\***\Desktop\3D Flash Animator 4.9.8.7.lnk
[2011.02.07 17:32:55 | 000,012,518 | ---- | C] () -- C:\Users\***\Desktop\Ein gutes Gesangsmikrofon ist vorzugsweise ein Kondensator Mikrofon.docx
[2011.02.04 19:40:07 | 000,010,257 | ---- | C] () -- C:\Users\***\Desktop\Zeiten für Jugend.docx
[2011.02.01 16:40:32 | 000,011,556 | ---- | C] () -- C:\Users\***\Desktop\Lebenslauf.docx
[2011.02.01 16:20:18 | 000,011,213 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung Ferienspiele.docx
[2011.01.25 22:17:06 | 000,002,205 | ---- | C] () -- C:\Users\***\Desktop\versuch.mmpz
[2011.01.25 21:58:24 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Linux MultiMedia Studio.lnk
[2010.01.13 20:07:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.05 18:07:37 | 000,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.09.24 13:54:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.09 18:22:10 | 000,003,764 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.04.09 18:22:10 | 000,000,008 | ---- | C] () -- C:\Windows\System32\F2D1332BB9.sys
[2009.01.23 15:37:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.20 11:57:16 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2009.03.27 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard
[2009.07.13 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2011.02.08 15:56:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DFA
[2010.10.11 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.05.20 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.12.18 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.19 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.12.19 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.15 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Enrawa
[2011.02.08 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.11.11 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.05.17 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2009.04.23 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internetradio Player
[2011.02.18 17:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.04 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.05.12 21:12:11 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2010.10.01 18:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Marine Aquarium 3
[2010.02.19 21:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2009.05.19 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.03.22 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongBeamer
[2009.12.07 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.12.17 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.02.12 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Txtole
[2010.11.25 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.02.17 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ygom
[2011.02.17 23:32:21 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.18 19:54:59 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.02.08 15:56:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DFA
[2010.01.13 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.10.11 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.05.20 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.11.05 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.12.18 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2009.06.12 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.04.19 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.01.28 12:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.12.19 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.12.19 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.15 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Enrawa
[2011.02.08 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.03.26 16:20:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.11.11 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.05.17 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2009.04.23 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internetradio Player
[2011.02.18 17:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.04 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.05.12 21:12:11 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2009.03.27 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.02.17 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.01 18:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Marine Aquarium 3
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.12.03 20:53:06 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.10.23 11:34:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.03.26 16:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2010.02.19 21:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2009.05.19 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.01.17 22:41:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2009.08.25 15:44:24 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2011.02.18 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.02.18 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.03.22 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongBeamer
[2009.12.07 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.12.17 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.02.12 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Txtole
[2011.02.17 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.08.23 18:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.11.25 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.02.17 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ygom

< %APPDATA%\*.exe /s >
[2010.10.11 10:05:33 | 000,699,974 | ---- | M] () -- C:\Users\***\AppData\Roaming\Ahnenblatt\unins000.exe
[2009.05.19 18:07:42 | 000,045,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Internet-Radio Player\update.exe
[2009.05.19 18:07:47 | 001,369,656 | ---- | M] ( ) -- C:\Users\***\AppData\Roaming\Internet-Radio Player\update2.exe
[2008.07.09 10:49:52 | 000,094,208 | ---- | M] () -- C:\Users\***\AppData\Roaming\Internetradio Player\skins\ps_starter.exe
[2010.12.04 22:01:48 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_1E9320E28517EADEA18698.exe
[2010.12.04 22:01:48 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_6FEFF9B68218417F98F549.exe
[2010.12.04 22:01:49 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_A368E345A811C53748493B.exe
[2010.12.04 22:01:49 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_FE6B7DD73314696E604C2E.exe
[2010.11.12 18:23:58 | 000,029,926 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.02.17 16:19:49 | 000,366,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\Txtole\dephelp.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 00:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2I​FSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >
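Added example, not part of the poster's logs and not OTL's own code: a small Python triage helper for the OTL report above. It parses the bracketed entry lines and the `< ... >` custom-scan headers, then (a) lists executables under AppData\Roaming that OTL printed with an empty company field, (b) lists directories carrying both the Hidden and System attributes (the `-HSD` pattern), and (c) for each `< MD5 for: X >` block checks whether the live copy's hash matches one of the WinSxS/DriverStore copies, or whether OTL reported "Unable to obtain MD5". The sample lines are copied from the log in this thread; the function names, the "review candidate" framing and the reading of "Unable to obtain MD5" as a locked file (OTL's own `/lockedfiles` scans suggest that) are my assumptions. The output is a review list, not a verdict: the uninstaller `unins000.exe` lands on the same list as `dephelp.exe` simply because both lack a company name, which is exactly why a human reads the list.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL line: "[date time | size | attrs | C/M] (Company) MD5=... -- path".
# Directory lines carry no "(Company)"; locked files print "Unable to obtain MD5".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32})| (?P<nomd5>Unable to obtain MD5))?"
    r" -- (?P<path>.+?)\s*$"
)
# Custom-scan headers such as "< %APPDATA%\*.exe /s >" or "< MD5 for: EXPLORER.EXE >".
SECTION_RE = re.compile(r"^< (?P<name>.+?) >$")

@dataclass
class Entry:
    section: str            # custom-scan header the line sits under; "" in the main lists
    timestamp: str
    size: int
    attrs: str              # R/H/S/D flags as OTL prints them, e.g. "-HSD"
    kind: str               # "C" created inside the file-age window, "M" modified
    company: str            # "" when OTL printed "()" or no company field at all
    md5: Optional[str]
    md5_unavailable: bool   # OTL printed "Unable to obtain MD5" (assumed: locked file)
    path: str

def parse_otl(text: str) -> List[Entry]:
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "==========" banners, blank lines, ADS lines
        entries.append(Entry(
            section=section, timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=(m["company"] or "").strip(),
            md5=m["md5"].upper() if m["md5"] else None,
            md5_unavailable=m["nomd5"] is not None,
            path=m["path"],
        ))
    return entries

def appdata_exes_without_company(entries: List[Entry]) -> List[str]:
    """Executables under AppData\\Roaming that OTL printed with no company name.
    A review list, not a verdict: legitimate uninstallers land here too."""
    return [e.path for e in entries
            if e.path.lower().endswith(".exe")
            and "\\appdata\\roaming\\" in e.path.lower()
            and not e.company]

def hidden_system_dirs(entries: List[Entry]) -> List[str]:
    """Directories carrying both the Hidden and System attributes (OTL's -HSD pattern)."""
    return [e.path for e in entries if all(flag in e.attrs for flag in "HSD")]

def _is_backing_copy(path: str) -> bool:
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p

def md5_consistency(entries: List[Entry]) -> Dict[str, str]:
    """Per '< MD5 for: X >' block: does the live copy match a WinSxS/DriverStore copy?"""
    by_file: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.section.startswith("MD5 for: "):
            by_file.setdefault(e.section[len("MD5 for: "):], []).append(e)
    verdicts: Dict[str, str] = {}
    for items in by_file.values():
        backing = {e.md5 for e in items if e.md5 and _is_backing_copy(e.path)}
        for e in items:
            if _is_backing_copy(e.path):
                continue
            if e.md5_unavailable:
                verdicts[e.path] = "md5 unavailable (locked file; hash it offline)"
            elif e.md5 in backing:
                verdicts[e.path] = "matches a WinSxS/DriverStore copy"
            else:
                verdicts[e.path] = "no matching backing copy"
    return verdicts

# Sample input: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
< %APPDATA%\*. >
[2010.05.12 21:12:11 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2011.02.18 17:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
< %APPDATA%\*.exe /s >
[2010.10.11 10:05:33 | 000,699,974 | ---- | M] () -- C:\Users\***\AppData\Roaming\Ahnenblatt\unins000.exe
[2011.02.17 16:19:49 | 000,366,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\Txtole\dephelp.exe
< MD5 for: EXPLORER.EXE >
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
< MD5 for: USER32.DLL >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
"""
```

To run it over a complete report, feed the saved OTL.Txt (one entry per line, as OTL writes it) to `parse_otl` and print the three result sets. The MD5 check is deliberately conservative: a live copy whose hash matches any WinSxS or DriverStore copy is consistent with a Windows-supplied binary, while "no matching backing copy" or an unobtainable hash only marks the file for an offline hash and a look at its signature, not a conclusion.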
OTL Extras logfile created on: 18.02.2011 19:52:58 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 646,72 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,90 Gb Free Space | 49,55% Space Free | Partition Type: FAT32

Computer Name: FRODO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001BEE00-47B8-4A3C-8796-1C38B49B9D0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{043065E2-8613-4C5B-B7C4-8E555002DBFD}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{1DDFEBD6-F9F2-40CC-AF97-14F20C0CF538}" = lport=3389 | protocol=6 | dir=in | name=thomas |
"{26DBE7A6-F687-4D20-ACA3-D6DD173001BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{32F7C802-C437-4902-898B-4A00A8D17A18}" = lport=3389 | protocol=17 | dir=in | name=thomas2 |
"{3B3CB026-1C49-4829-8E07-EC6A7BACF2BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B6BD8A1-7CD7-447B-B69B-F1AFB1DD3D67}" = rport=139 | protocol=6 | dir=out | app=system |
"{812A6E2C-B2BF-4EE0-BCD3-FC41C6335C6E}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACE70779-71B8-4B4A-9D4B-358D61383CCE}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1DC7E67-4561-4E8E-A891-E003E765D03E}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF845E6F-9C7E-49BC-8E1D-6BFE24933D73}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1A55229-84C5-4EC7-A972-9C317C763901}" = lport=139 | protocol=6 | dir=in | app=system |
"{E882AAA3-D43C-49CC-A0D5-00E6E2700FE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EADF2C35-5BC7-419F-921B-E6701F7A9452}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{F31F9062-636B-474D-B938-245B108B917F}" = lport=137 | protocol=17 | dir=in | app=system |
"{F76DF8B6-BEBF-460C-A068-FAC5FAA6545A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D02C4C-30B8-487A-9396-1AEB431B5046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{07CB7960-5A6A-427B-AF53-4D92FD40EBCB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{0B86901A-C278-4D49-B7FB-9DE783811987}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D7E1BBB-84B6-47FB-9B43-0F4A6F8D97CB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1164C742-4982-4BA2-99C4-629F9BA91239}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{13395891-D38B-4062-BA3D-9CF277FB3C81}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{20975BC0-5C59-4EEF-85C7-B786DB042A4C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{2A555EC6-B67E-4A5C-808D-E987500C1196}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{2C5A7C41-5A04-4805-AB7B-DC4BF33B0CBC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{2F612F03-95A8-4F7F-A862-D9DF6FE3331B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{34DDCD21-1B5C-49FC-BF57-C2339E6E0035}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{35605402-AD2A-44EE-9DF2-F3C0A703777A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{42602D7A-CB7B-4205-B8D8-B5A4A8AB0957}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{54042B2E-C7DC-45C7-A58E-D5E403043354}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54C2DD91-F853-476A-8E8C-5FB2CA2990A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{642E9DE6-B0A7-47A0-9630-9FF4B5F36607}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{67D92EB5-A5C8-427C-BB09-2F85491C099A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{6AC3C1D2-25AD-4030-BA39-5DA5F37ED9BE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{77AE2656-6475-4852-824D-8C7087E94749}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77DB84DD-85FE-40FE-B124-1E389262D89C}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{86B73D3B-12DE-4B42-AF1A-C41F21ECF83C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{899B45B2-9D4F-4A2D-9FC4-A7D53A36BAC2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{8F3F8FFF-E184-43B2-8197-D61334A791D5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{906DFEC9-8B75-4BD1-949B-6E4F4A21D346}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{931A3C42-EA72-4151-A3A8-68CA661F2D2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{963BF079-C5F9-454F-8384-C8936A2A871E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4FA4ED4-690C-4661-BF5C-300314C6D8E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB58F9DB-B056-436B-A8B9-336975B4CB15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ACE181DF-B20F-471B-9D11-F9A1CF4F2355}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{B0F41ADA-0687-40E8-8AC8-F47E120D1EA5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B12FF43D-7018-4DBA-8C11-76E7115F5F59}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B7F24C27-A59C-4137-8247-F4BF87CB3C8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C5CE6E27-66BC-430D-ABD0-2C07AFBEDC06}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CCC6554B-8AA2-4F32-B4AC-A7CECD22428C}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{D1282F75-29D5-4ACC-89CB-42346952EDC0}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D47DBABC-9F79-4893-B65C-73418420AAF7}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{E8BE5309-F5D3-4DC8-A66B-04E893DF5F11}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{EED8403F-47BA-44B7-AC74-6C2A4489170E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{FD314947-30F9-4AB8-9984-F8F302E653B2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"TCP Query User{119A5951-D334-4F79-875B-A7DDB3658A86}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2A928FF5-597E-4559-9A43-8CB99B375702}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{3DF44DEB-E090-439D-805B-C0B97982593A}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{43CC3061-FA62-4BC9-81E6-4C0B7560C156}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{441B0801-6399-4E5D-A9C1-2FD717B56830}C:\program files\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files\tremulous\tremulous.exe |
"TCP Query User{46D82747-FE0A-468E-942E-D247BD3848AF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{481494B8-8D18-4998-B3EE-7AEDBE3041BC}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=6 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"TCP Query User{5681DC7A-743A-44BF-A35A-1B221825FABC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{67C14D7C-FBDC-423B-AA20-378F2D4D5E50}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{775F3A51-7D87-41FE-9094-981EC6065AC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{78AE288A-FE59-43C3-B925-5FD08F845F19}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{7E67FCE0-FA40-4317-816E-082100D2C4D1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8EEA8516-6A69-4CBF-B54F-97DC4613768C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{A46189A9-B39C-4C3A-8429-652850850D46}C:\program files\jahshaka\jahshaka.exe" = protocol=6 | dir=in | app=c:\program files\jahshaka\jahshaka.exe |
"TCP Query User{B67D20C1-917B-40A6-B187-443AECDD87CE}C:\users\***\saved games\reitakademie.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\reitakademie.exe |
"TCP Query User{CD03C593-D76F-40E9-B59E-61746CE51E46}C:\program files\scratch\scratch.exe" = protocol=6 | dir=in | app=c:\program files\scratch\scratch.exe |
"TCP Query User{D09801E7-D179-4B1A-A713-C49CFCC33CB1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{D386493E-49E5-4574-8913-25E9BFE96A2B}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=6 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"TCP Query User{D3C5C29C-4B7F-4C4F-A749-69EF33AB496C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F495EA7D-3C3C-4D7E-9783-7DE94945671B}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{FEB9522E-F57E-4E6E-AE1A-60A17E713B56}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{073D26D3-118B-4006-B47E-301572B8ED08}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{08DB0EAE-5826-4B93-8585-43721F4E0175}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{21C338A9-9BB8-4E2C-B6A2-6A84A23514B5}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{25C2593A-2C5F-4615-8C12-E33015E42AB4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{34E23377-806C-45B3-8445-986E55D290BB}C:\program files\jahshaka\jahshaka.exe" = protocol=17 | dir=in | app=c:\program files\jahshaka\jahshaka.exe |
"UDP Query User{3CC34213-C09B-4286-9DEC-9EECE9C754D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{65B5DBC5-605D-480B-937D-03B20D83844D}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{6EDAA2D2-4D15-4DD0-BB41-9206A2938EF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in |
app=c:\windows\system32\taskeng.exe | "UDP Query User{77E38DD5-DFCA-44F8-853A-E9198468FD40}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=17 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe | "UDP Query User{7A426C28-4952-4801-BF5A-DA15B04A96A7}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | "UDP Query User{90D919A9-A1A1-4674-A489-17C6B313BDA5}C:\users\***\saved games\reitakademie.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\reitakademie.exe | "UDP Query User{A0C63C06-B1C7-4476-9686-68A68AB06901}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{BF32C7B5-7F79-43BB-9997-DF6C42213C2A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{C2FEEC54-2C5E-411B-A9DA-97F50131962A}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{CA46EFB2-8186-4BED-911F-61AF10510BB9}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{CD6BE145-B952-4347-AB46-DF0B3168C4C1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{D4938371-4BD2-4B1C-B93E-7156A63970B2}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=17 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe | "UDP Query User{E146C9B4-D0F4-463A-B3AF-A5DD2430038D}C:\program files\scratch\scratch.exe" = protocol=17 | dir=in | app=c:\program files\scratch\scratch.exe | "UDP Query User{E34D52DB-B62C-4416-A218-A49664479C5A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{EEDFEC95-D150-45F4-87C8-911BB8B71FE9}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=17 | 
dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | "UDP Query User{FDFB38C8-3FAB-426D-9B4B-C74F4C0F48EE}C:\program files\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files\tremulous\tremulous.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{0085029F-9640-4D93-800D-D0F53188758A}" = Arschloch3D "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{227B798F-4300-4727-A3F1-2B8F2727BE06}" = Moorhuhn Total 4 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{41C354B6-F2D5-422F-9DCF-001D8C30D09C}" = Moorhuhn X - XXL "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows 
Live Fotogalerie "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8775DE7C-A742-494C-92C5-448315ECFE1A}" = Moorhuhn-Total 3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{97C769CF-6562-43ED-BD1F-7E19DF32EE0B}" = N "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A69626F0-D359-47F4-847B-F881A8A7D134}" = Logitech QuickCam for Enterprise "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = 
Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3D Flash Animator 4.9.8.7" = 3D Flash Animator 4.9.8.7 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ahnenblatt_is1" = Ahnenblatt 2.62 "Any Video Converter_is1" = Any Video Converter 3.0.5 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "BloodFrontier" = BloodFrontier "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "Free 3D Photo Maker_is1" = Free 3D Photo Maker version 2.0 "Free Studio_is1" = Free Studio version 4.8 "Guitar Pro 5_is1" = Guitar Pro 5.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars "Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13 "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio "LMMS 0.4.6" = Linux MultiMedia Studio (LMMS) "lvdrivers_11.72" = Logitech QuickCam for Enterprise-Treiberpaket "Magic Bullet Looks Studio" = Magic Bullet Looks Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OpenLibraries" = OpenLibraries "phase-6" = phase-6 2.1.1 "phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4 "Red Giant ToonIt Studio" = Red Giant ToonIt Studio "RocketDock_is1" = RocketDock 1.3.5 "Sauerbraten" = Sauerbraten "Scratch" = Scratch "scratch2exe" = ChirpCompiler "SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3 "SongBeamer_Setup_is1" = SongBeamer 4.03b "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio "Trapcode Particular Studio" = Trapcode Particular Studio "Trapcode Shine Studio" = Trapcode Shine Studio "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.7 "VLC media player" = VLC media player 1.0.3 "VobSub" = VobSub v2.23 (Remove Only) "War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™ "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra WebStart" = GeoGebra WebStart "Inkscape" = Inkscape 0.48.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.09.2010 15:03:49 | Computer Name = frodo | Source = WinMgmt | ID = 10 Description = Error - 23.09.2010 06:41:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.09.2010 06:41:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.09.2010 06:41:46 | Computer Name = frodo | Source = WinMgmt | ID = 10 Description = Error - 24.09.2010 
10:25:13 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 24.09.2010 10:25:13 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 24.09.2010 10:25:28 | Computer Name = frodo | Source = WinMgmt | ID = 10 Description = Error - 25.09.2010 06:35:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 06:35:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 06:35:47 | Computer Name = frodo | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 11.12.2009 17:50:03 | Computer Name = frodo | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.04.2010 13:33:52 | Computer Name = frodo | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 28.12.2010 17:09:42 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.12.2010 17:09:42 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.12.2010 17:09:43 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Error - 28.12.2010 17:10:45 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.12.2010 17:12:06 | Computer Name = frodo | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2. Error - 08.01.2011 06:19:13 | Computer Name = frodo | Source = Service Control Manager | ID = 7011 Description = Error - 15.01.2011 16:20:13 | Computer Name = frodo | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B6BCA zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 24.01.2011 15:49:29 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.02.2011 17:26:47 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 04.02.2011 17:29:17 | Computer Name = frodo | Source = disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Geändert von haffi36 (18.02.2011 um 20:55 Uhr) |
19.02.2011, 11:25 | #6 |
/// Malware-holic | PC slow, Explorer hangs and Firefox too
Please replace *** in my script with your user name, otherwise it won't work.
• Please start OTL.exe
• Now copy the following into the text box:
:OTL
O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [Restree] C:\Users\***\AppData\Roaming\Txtole\dephelp.exe ()
:Files
C:\Users\***\AppData\Roaming\Txtole
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Open Computer, then C:, then _OTL; right-click "Moved Files" there and choose "Add to moved files.rar" (or .zip). Upload the archive to our upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
19.02.2011, 15:12 | #7 |
| PC slow, Explorer hangs and Firefox too
Hi, I've uploaded the archive and here is the text file:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Restree deleted successfully.
C:\Users\***\AppData\Roaming\Txtole\dephelp.exe moved successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Txtole folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Gast
User: ***
->Flash cache emptied: 1139 bytes
User: ***
->Flash cache emptied: 7384 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temporary Internet Files folder emptied: 73 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ***
->Temp folder emptied: 3900434 bytes
->Temporary Internet Files folder emptied: 1306523 bytes
->Java cache emptied: 118671 bytes
->FireFox cache emptied: 12150947 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 6907171 bytes
->Temporary Internet Files folder emptied: 209214 bytes
->Java cache emptied: 13507207 bytes
->FireFox cache emptied: 56457387 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69002 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 90,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02192011_145530
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
19.02.2011, 15:24 | #8 |
| PC slow, Explorer hangs and Firefox too
Cool, when I just restarted, the taskbar didn't disappear any more. |
19.02.2011, 15:55 | #9 |
/// Malware-holic | PC slow, Explorer hangs and Firefox too
Thanks. Do you do online banking or shopping, or anything else important, on this PC?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.02.2011, 15:57 | #10 |
| PC slow, Explorer hangs and Firefox too
No. Is my PC clean now? |
19.02.2011, 16:02 | #11 |
/// Malware-holic | PC slow, Explorer hangs and Firefox too
No :-) Please create and post a ComboFix log: A guide and tutorial on using ComboFix
19.02.2011, 17:01 | #12 |
| PC slow, Explorer hangs and Firefox too
Too bad. Here it is: ComboFix logfile: Code:
ComboFix 11-02-18.05 - *** 19.02.2011 16:17:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.1859 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-19 bis 2011-02-19 ))))))))))))))))))))))))))))))
.
2011-02-19 15:11 . 2011-02-19 15:13 -------- d-----w- C:\32788R22FWJFW
2011-02-19 13:55 . 2011-02-19 14:07 -------- d-----w- C:\_OTL
2011-02-17 16:12 . 2011-02-17 16:12 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-02-17 16:11 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-17 16:11 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-17 16:11 . 2011-02-17 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 19:49 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-08 14:56 . 2011-02-08 14:56 -------- d-----w- c:\users\***\AppData\Roaming\3DFA
2011-02-08 14:55 . 2011-02-08 15:18 -------- d-----w- c:\program files\3D Flash Animator 4.9.8.7
2011-01-25 20:50 . 2011-01-25 20:50 -------- d-----w- c:\program files\LMMS 0.4.6
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-11 20:37 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 17:41 . 2009-04-23 18:50 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-14 14:49 . 2011-01-11 20:37 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-23 19:12 . 2009-04-23 18:50 61960 ------w- c:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-06-03 564496]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2009-1-7 1028096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Feeds]
2009-02-11 15:56 496 ----a-w- c:\windows\feeds.bat.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 jbridgep;jbridgep;c:\users\***\AppData\Local\Temp\jbridgep.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-08 135336]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2011-02-19 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yuzw6ylg.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?.gx=0&.rand=340p196mhik2i|hxxp://www.css-lernen.net/|hxxp://www.schuelervz.net/Default|hxxp://www.google.de/imgres?imgurl=hxxp://www.der-feine-tisch.de/images/1_32__24800_03.jpg&imgrefurl=hxxp://www.der-feine-tisch.de/seltmann-weiden-dorothea-china-blau-c-88_581.html&h=500&w=500&sz=47&tbnid=IdlcJlDxvJWQmM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__adLCYanE2KrO8PPTsS2Hp5A-QoA=&sa=X&ei=4XUPTeGbJYKPswbSrOX_DA&ved=0CD8Q9QEwAw|hxxp://www.google.de/imgres?imgurl=hxxp://www.porzellantreff.de/isroot/steinkamp/webimages/stimmungsbilder/SeltDorotheablau/2_gr.jpg&imgrefurl=hxxp://www.porzellantreff.de/Seltmann-Weiden-Dorothea-China-Blau-c5615.html&h=500&w=500&sz=39&tbnid=iojSyVO2lPKeBM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__10CCXA7b0MvGmOWjUTDMT9_Gbnk=&sa=X&ei=YnYPTca3N830sgb77vj4DA&ved=0CD8Q9QEwBQ|http://www.trojaner-board.de/51187-a...tuerzt-ab.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: XULRunner: {047CDD12-6202-47E9-B831-8A867BCCA3E6} - c:\users\***\AppData\Local\{047CDD12-6202-47E9-B831-8A867BCCA3E6}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Bpirasokupugebu - c:\users\***\AppData\Local\uxatoqeziwakec.dll
MSConfigStartUp-Canaveral - c:\users\***\AppData\Local\Temp\sshnas21.dll
MSConfigStartUp-Cognac - c:\users\***\AppData\Local\Temp\8893.exe
MSConfigStartUp-Epeze - c:\users\***\AppData\Local\orvpnrt.dll
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-mediacodec - c:\users\***\AppData\Local\Temp\mediacodec.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-TOY5KNQ8OC - c:\users\***\AppData\Local\Temp\Wn1.exe
AddRemove-War of the Ring - c:\programme\Liquid Entertainment\DER RINGKRIEG™\Setup.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-19 16:25
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,b6,5f,b7,ac,0a,24,13,31,17,d8,5a,d6,1f,2e,71,83,36,33,af,6f,
 55,ef,6a,04,98,62,d0,30,c4,12,87,48,79,ee,ac,e2,00,66,6a,e5,e5,38,ea,d4,04,\
"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-19 16:43:43
ComboFix-quarantined-files.txt 2011-02-19 15:43
Vor Suchlauf: 12 Verzeichnis(se), 694.997.192.704 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 694.033.539.072 Bytes frei
- - End Of File - - D4DDC4A1E88B18FFA47EEF111E602B97 |
19.02.2011, 17:09 | #13 |
/// Malware-holic: update malwarebytes, full scan, post the log.
19.02.2011, 20:45 | #14 |
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5810

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.02.2011 18:58:59
mbam-log-2011-02-19 (18-58-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 432436
Laufzeit: 1 Stunde(n), 39 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Ubisoft\blue byte\die siedler - das erbe der könige\bin\pztrain.exe (Trojan.Dropper) -> No action taken.
c:\Users\***\Desktop\setups\winziger shooter\pno0001.exe (Malware.Packer) -> No action taken.
c:\Users\***\downloads\jokeprogramme2\pcschock.exe (PUP.Joke.Schock) -> No action taken.
c:\Users\***\downloads\jokeprogramme2\stress reducers.exe (Joke.Stressreducer) -> No action taken.
c:\Users\***\downloads\jokeprogramme2\viagra.exe (Joke.VV) -> No action taken.
c:\_OTL\movedfiles\02192011_145530\C_Users\***\AppData\Roaming\Txtole\dephelp.exe (Spyware.Passwords.XGen) -> No action taken.

The files are all wanted, except for the last one, but that one is in OTL's movedfiles anyway. That's why I took no action.
20.02.2011, 10:40 | #15 |
/// Malware-holic: fair enough. how is the computer running?
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us