Log Analysis and Evaluation: Facebook Virus! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Facebook Virus! Hi everyone, I got a link on Facebook and clicked it straight away because it came from a friend. A buddy who then got the same message from me said I had caught a trojan. He also sent me the link to this board right away. I downloaded the MFT folder, followed the instructions and now have 3 .txt files. MBAM Log Quote:
OTL.txt OTL Logfile:
Code:
OTL logfile created on: 07.03.2011 21:54:17 - Run 2
OTL by OldTimer - Version Folder = C:\Users\Matze\Desktop\MFTools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,77 Gb Total Space | 16,31 Gb Free Space | 23,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 112,77 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 9,61 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive F: | 625,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.07 21:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\MFTools\OTL.exe
PRC - [2011.01.05 22:19:02 | 003,370,296 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.02 15:26:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 15:26:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 15:26:40 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 08:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.27 08:14:22 | 000,128,000 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

========== Modules (SafeList) ==========

MOD - [2011.03.07 21:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\MFTools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.02.25 18:37:16 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.02 15:26:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.02 15:26:40 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.07 13:26:36 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.25 18:42:00 | 001,398,088 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 18:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- E:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.11.28 23:47:09 | 000,508,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.02 15:26:41 | 000,081,584 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.05.01 07:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 03:25:22 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV:64bit: - [2010.04.27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010.04.27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.03.02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.01.24 16:44:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.24 16:44:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.06 10:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009.10.06 10:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 09 37 0F 7C 6C CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.25 10:49:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.26 21:22:25 | 000,000,000 | ---D | M]

[2010.05.29 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010.05.29 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.03.06 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions
[2010.05.09 12:12:35 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2011.02.01 17:54:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\conduit.xml
[2011.03.06 10:51:16 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-1.xml
[2010.06.26 13:25:46 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-2.xml
[2010.06.30 22:36:55 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-3.xml
[2010.07.22 17:15:08 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-4.xml
[2010.07.25 08:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-5.xml
[2010.09.15 20:33:38 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-6.xml
[2010.09.28 20:32:59 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-7.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin.xml
[2011.03.06 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.26 21:22:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.26 21:22:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.06.26 13:25:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 13:25:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 13:25:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 13:25:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 13:25:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TrayServer] E:\Programme\Magix\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.08.28 15:53:21 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{541addcc-d86c-11de-a499-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{541addcc-d86c-11de-a499-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Starter.exe -- [2003.08.28 16:23:46 | 000,237,568 | R--- | M] (Spellbound Entertainment AG)
O33 - MountPoints2\{a93bc078-e5cc-11de-8815-001b38583493}\Shell - "" = AutoRun
O33 - MountPoints2\{a93bc078-e5cc-11de-8815-001b38583493}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.03.07 21:37:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.07 21:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.03.07 21:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.07 21:19:35 | 000,000,000 | ---D | C] -- C:\Users\Matze\Desktop\MFTools
[2011.03.07 19:51:11 | 000,000,000 | ---D | C] -- C:\Users\Matze\Citrix
[2011.03.03 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\.minecraft
[2011.03.01 17:23:53 | 000,000,000 | ---D | C] -- C:\Temp
[2011.03.01 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Samsung
[2011.03.01 16:27:40 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe
[2011.03.01 16:27:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.03.01 16:27:25 | 000,820,560 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011.02.08 18:08:05 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript

========== Files - Modified Within 30 Days ==========

[2011.03.07 21:38:27 | 000,019,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 21:38:27 | 000,019,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 21:36:46 | 000,001,068 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.07 21:36:39 | 000,000,888 | ---- | M] () -- C:\Users\Matze\Desktop\NTREGOPT.lnk
[2011.03.07 21:36:39 | 000,000,869 | ---- | M] () -- C:\Users\Matze\Desktop\ERUNT.lnk
[2011.03.07 21:34:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.07 21:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.07 21:30:50 | 3220,377,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.07 21:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.07 18:27:53 | 000,046,830 | ---- | M] () -- C:\Users\Matze\Desktop\frühlingsfest2011_beck.pdf
[2011.03.05 22:35:56 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.05 22:35:56 | 000,698,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.05 22:35:56 | 000,652,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.05 22:35:56 | 000,148,366 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.05 22:35:56 | 000,121,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.03 23:22:45 | 000,001,290 | ---- | M] () -- C:\Users\Matze\Desktop\MinecraftSP.jar - Verknüpfung.lnk
[2011.03.02 21:45:00 | 007,981,419 | ---- | M] () -- C:\Users\Matze\Desktop\frühlingsfest2011.rar
[2011.03.01 23:25:51 | 000,001,941 | ---- | M] () -- C:\Users\Matze\Desktop\Samsung Kies.lnk
[2011.02.22 20:11:08 | 000,269,421 | ---- | M] () -- C:\Users\Matze\Desktop\Minecraft.exe
[2011.02.17 21:43:30 | 000,162,407 | ---- | M] () -- C:\Users\Matze\Desktop\Unbenannt.jpg
[2011.02.12 16:27:00 | 000,988,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.08 17:59:17 | 059,225,167 | ---- | M] () -- C:\Users\Matze\Documents\MCGame_2011-02-08_17-59-04_Backup.mcgame

========== Files Created - No Company Name ==========

[2011.03.07 21:36:46 | 000,001,068 | ---- | C] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.07 21:36:39 | 000,000,888 | ---- | C] () -- C:\Users\Matze\Desktop\NTREGOPT.lnk
[2011.03.07 21:36:39 | 000,000,869 | ---- | C] () -- C:\Users\Matze\Desktop\ERUNT.lnk
[2011.03.06 22:46:25 | 000,046,830 | ---- | C] () -- C:\Users\Matze\Desktop\frühlingsfest2011_beck.pdf
[2011.03.03 23:22:45 | 000,001,290 | ---- | C] () -- C:\Users\Matze\Desktop\MinecraftSP.jar - Verknüpfung.lnk
[2011.03.02 21:44:54 | 007,981,419 | ---- | C] () -- C:\Users\Matze\Desktop\frühlingsfest2011.rar
[2011.03.01 23:25:51 | 000,001,941 | ---- | C] () -- C:\Users\Matze\Desktop\Samsung Kies.lnk
[2011.02.22 20:11:11 | 000,269,421 | ---- | C] () -- C:\Users\Matze\Desktop\Minecraft.exe
[2011.02.17 21:43:30 | 000,162,407 | ---- | C] () -- C:\Users\Matze\Desktop\Unbenannt.jpg
[2011.02.08 17:59:06 | 059,225,167 | ---- | C] () -- C:\Users\Matze\Documents\MCGame_2011-02-08_17-59-04_Backup.mcgame
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.26 16:37:12 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.12.26 16:14:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.11.29 22:45:56 | 001,592,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.17 22:21:09 | 000,659,968 | ---- | C] () -- C:\Users\Matze\AppData\Local\syssvc.exe
[2010.10.21 17:23:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.14 10:08:15 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.08.08 09:50:45 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.12 21:36:52 | 000,041,123 | ---- | C] () -- C:\Windows\SysWow64\uninstall.exe
[2010.02.26 12:46:37 | 000,000,089 | ---- | C] () -- C:\Windows\PLX4017.DAT
[2010.01.31 22:16:05 | 000,000,070 | ---- | C] () -- C:\Windows\cryavitowmv.ini
[2010.01.31 22:15:01 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\SySavitowmv.dat
[2010.01.31 22:04:23 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.01.12 21:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.01.12 21:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll [2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll [2010.01.12 21:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2010.01.12 21:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2010.01.12 21:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2010.01.12 21:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2010.01.12 21:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2010.01.12 21:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll [2010.01.12 21:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2010.01.12 21:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2010.01.12 21:12:36 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.01.08 20:34:16 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik [2010.01.02 19:44:40 | 019,858,592 | ---- | C] () -- C:\Windows\Monopoly Deluxe 2009.exe [2010.01.01 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll [2009.12.10 21:54:22 | 000,003,385 | ---- | C] () -- C:\Windows\wininit.ini [2009.12.10 21:52:42 | 000,000,366 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.12.07 20:10:43 | 000,007,605 | ---- | C] () -- C:\Users\Matze\AppData\Local\Resmon.ResmonCfg [2009.11.28 21:04:59 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2009.11.24 21:16:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.14 19:37:08 | 
000,073,728 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2009.11.14 19:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2009.11.14 19:33:38 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2009.11.14 19:11:42 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2009.11.14 19:11:42 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2009.11.14 19:11:40 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2009.11.14 19:11:40 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2009.11.14 19:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2009.11.14 19:11:36 | 000,083,456 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2009.11.14 19:11:32 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2009.11.14 19:11:32 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2009.08.11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.01.10 23:15:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll [2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.10.07 09:13:30 | 
000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011.03.06 14:21:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\.minecraft [2010.12.26 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Atari [2010.04.28 20:14:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CadSoft [2009.12.26 12:40:49 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools [2010.12.17 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite [2009.12.10 21:49:27 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Pro [2010.08.11 06:56:43 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\FreeMoviesToDVD [2011.03.06 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ICQ [2010.07.23 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\LucasArts [2010.08.08 10:14:38 | 
000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\MAGIX [2010.08.05 17:18:58 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Mp3tag [2010.12.11 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia [2010.04.04 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PC Suite [2010.08.26 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PMS [2009.11.29 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Red Alert 3 [2010.12.22 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\RedDotGames [2010.12.30 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Samsung [2010.05.29 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TomTom [2009.11.27 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software [2010.09.28 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\UDC Profiles [2009.11.28 21:05:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Win7codecs [2010.09.28 19:19:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\WordToPDF [2011.02.06 19:06:19 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\XnView [2010.01.02 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Zylom [2009.07.14 06:08:49 | 000,026,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.02.01 19:25:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.04.11 20:53:55 | 000,000,000 | ---D | M] -- C:\AllDupBackup [2011.01.25 23:23:32 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.11.23 21:26:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.11.17 23:08:21 | 000,000,000 | ---D | M] -- C:\ICQ6.5 [2010.01.08 20:35:58 | 000,000,000 | ---D | M] -- C:\Need4Video files [2010.02.09 20:33:40 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.05.03 19:09:28 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.07 21:36:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.01.26 21:22:58 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.11.23 21:26:30 | 000,000,000 | -HSD | M] -- C:\Programme [2009.11.23 21:26:31 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.03.07 21:55:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.01 17:23:53 | 000,000,000 | ---D | M] -- C:\Temp [2009.11.23 21:26:42 | 000,000,000 | R--D | M] -- C:\Users [2010.01.31 21:57:38 | 000,000,000 | ---D | M] -- C:\VideoOutput [2011.03.07 21:37:13 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2010.11.17 22:21:09 | 000,659,968 | ---- | M] () -- C:\Users\Matze\AppData\Local\syssvc.exe < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) 
MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) 
MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Extras.txt OTL Logfile: Code:
OTL Extras logfile created on: 07.03.2011 21:38:42 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Matze\Desktop\MFTools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,77 Gb Total Space | 15,90 Gb Free Space | 22,79% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 112,77 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 9,61 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive F: | 625,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Win7x64 Components_is1" = Win7x64 Components v1.2.3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{109D28DA-E555-4896-BF22-E312F764562C}_is1" = Lowrider Simulator
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{555FCEF2-0541-418D-BB9A-2DA9C72FACBD}" = Microsoft Expression Encoder 4 Pro
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{a958c2b3-ee3b-4770-b619-34d7769397cd}" = Nero 9
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4F08198-5C84-4CDE-AE58-65506600C130}" = WinFunktion Mathematik plus 18
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C3F6EF04-8292-482D-9A2B-47CF5758C8FC}" = Microsoft Expression Studio 4
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Blend_4.0.20621.0" = Microsoft Expression Blend 4
"Caesar 3" = Caesar 3
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Dr. House" = Dr. House
"eMule" = eMule
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4 Pro
"ERUNT_is1" = ERUNT 1.1j
"ExpressionStudio_4.0.20705.0" = Microsoft Expression Studio 4
"FFdshow_is1" = FFdshow [2006-08-21 | rev 2546]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HaaliMkx" = Haali Media Splitter
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"Liberty Praxis" = Liberty Praxis
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"MKV Player_is1" = MKV Player 1.0
"Monopoly Star Wars" = Monopoly Star Wars
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mp3tag" = Mp3tag v2.46a
"MyFreeCodec" = MyFreeCodec
"Nokia PC Suite" = Nokia PC Suite
"OilTycoon2" = Oil Tycoon 2
"ProfiLab-Expert_40_is1" = ProfiLab-Expert 4.0
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME
"TuneUp Utilities" = TuneUp Utilities
"Web_4.0.1166.0" = Microsoft Expression Web 4
"Winamp" = Winamp
"XnView_is1" = XnView 1.97.4
"Youda Camper" = Youda Camper

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Is the trojan (or trojans) gone? I hope you can help me.
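Two of the checks a helper performs by eye over an OTL log like the one above, written out as code. This is an added example for this thread, not OTL's own code and not anything the poster ran. It parses the line format OTL uses for file entries and applies two triage heuristics: in "Files Created - No Company Name", an .exe with no vendor string that lives in the user profile, ProgramData, Temp or directly in the Windows root is worth a closer look (the section that surfaces syssvc.exe); and in a "< MD5 for: X >" block, a live copy of a system binary whose hash matches none of the WinSxS servicing-store copies has been altered on disk, which is how file infectors show up in these listings. The sample lines are copied from the OTL.txt in this post, except the last winlogon.exe entry, which is constructed with an all-zero hash so the second check has something to flag. The directory list and the "no matching WinSxS copy" rule are this example's own heuristics, not OTL's.

```python
"""Two triage checks over OTL (OldTimer's tool) log lines.

Added example for this thread; neither OTL's code nor the poster's.
OTL writes one file entry per line in the form

    [date time | size | attrs | C-or-M] (Company) MD5=<hash> -- <path>

where the (Company) and MD5= parts are optional. Both checks below are
heuristics that tell a helper where to look, not verdicts.
"""
import re
from collections import defaultdict

ENTRY = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$"
)
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")

# Heuristic (this example's choice): directories where a vendor-less .exe is
# unusual enough to review, plus "a file directly under C:\Windows".
SUSPECT_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\temp\\")
WINDOWS_ROOT = re.compile(r"[a-z]:\\windows\\[^\\]+")
WINSXS = "\\winsxs\\"


def parse_entries(lines):
    """Yield one dict per OTL file entry; headers and other lines are skipped."""
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))   # "000,659,968" -> 659968
            yield d


def suspicious_executables(lines):
    """Check 1: .exe files with no company name in user-writable or odd places."""
    hits = []
    for e in parse_entries(lines):
        low = e["path"].lower()
        if not low.endswith(".exe") or e["company"]:    # has a vendor string: skip
            continue
        if any(d in low for d in SUSPECT_DIRS) or WINDOWS_ROOT.fullmatch(low):
            hits.append(e["path"])
    return hits


def md5_mismatches(lines):
    """Check 2: live system binaries whose MD5 matches no WinSxS store copy.

    Returns {BINARY.EXE: [live paths whose hash is unknown to the store]}.
    """
    groups = defaultdict(list)
    current = None
    for raw in lines:
        line = raw.strip()
        h = MD5_HEADER.match(line)
        if h:
            current = h.group("name").upper()
            continue
        if line.startswith("<") or line.startswith("=========="):
            current = None                  # any other header closes the block
            continue
        e = ENTRY.match(line)
        if current and e and e.group("md5"):
            groups[current].append(e.groupdict())
    bad = {}
    for name, entries in groups.items():
        store = {e["md5"].upper() for e in entries if WINSXS in e["path"].lower()}
        live = [e for e in entries if WINSXS not in e["path"].lower()]
        odd = [e["path"] for e in live if e["md5"].upper() not in store]
        if odd:
            bad[name] = odd
    return bad


# Lines copied from the OTL.txt posted above, except the LAST winlogon entry,
# which is CONSTRUCTED (all-zero hash) so that check 2 has something to catch.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.11.17 22:21:09 | 000,659,968 | ---- | C] () -- C:\Users\Matze\AppData\Local\syssvc.exe
[2010.04.12 21:36:52 | 000,041,123 | ---- | C] () -- C:\Windows\SysWow64\uninstall.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2010.01.02 19:44:40 | 019,858,592 | ---- | C] () -- C:\Windows\Monopoly Deluxe 2009.exe
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for p in suspicious_executables(SAMPLE_LOG):
        print("review:", p)
    for name, paths in md5_mismatches(SAMPLE_LOG).items():
        print(f"{name}: live copy matches no WinSxS store copy -> {paths}")
```

Run against the full OTL.txt above, check 2 is quiet: every live explorer.exe, userinit.exe, wininit.exe and winlogon.exe hash reappears under a winsxs path of the same version, which is what a healthy servicing store looks like. Check 1 points at syssvc.exe in AppData\Local and the two executables sitting directly in C:\Windows; those are the entries a helper would ask about next, nothing more.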
#2
/// Selecta Jahrusso

Facebook Virus!

C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
http://www.trojaner-board.de/95393-c...-software.html

Files named crack.exe, keygen.exe or patch.exe are, 99.9% of the time, dangerous malware and nothing to be taken lightly. They are also illegal, and we do not support the use of pirated software. Support is therefore limited to guidance on setting the system up from scratch.
Topics related to Facebook Virus!
0x00000001, adblock, antivir, autorun, avg, avgntflt.sys, avira, c:\windows\system32\rundll32.exe, desktop, error, firefox, flash player, format, google, home, intranet, jdownloader, langs, location, logfile, mozilla, mp3, object, oldtimer, plug-in, programdata, realtek, registry, rundll, saver, scan, searchplugins, security, shell32.dll, shortcut, software, sptd.sys, start menu, studio, syswow64, trojaner, usb, virus, visual studio, webcheck, windows xp |