Log analysis and evaluation: ISUSPM.exe - Bad Image - Trojan? (Windows 7)

#1
ISUSPM.exe - Bad Image - Trojan?

Hi, unfortunately I had to reinstall Vista because of a trojan. Just as I was installing a few programs again, the PC unfortunately crashed. After the restart, the following error message appeared: [image]

Since I have read that it could be a trojan again, I was hoping you could help me. I hope that something was "only" damaged and that it is not malware again.

I read the part about HijackThis too late; other log files will follow!

Sorry for the double post! Here are the log files.

OTL Logfile:
Code:
OTL logfile created on: 01.04.2011 15:09:58 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Admin\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 270,66 Gb Total Space | 236,58 Gb Free Space | 87,41% Space Free | Partition Type: NTFS Drive S: | 27,30 Gb Total Space | 17,52 Gb Free Space | 64,19% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.03.31 21:39:35 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2011.03.31 21:39:33 | 002,557,440 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ========== Modules (SafeList) ========== MOD - [2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll MOD - [2008.01.21 04:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2008.12.01 22:45:16 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2011.03.31 21:39:34 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.07.07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.12.02 00:15:02 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.04.21 08:16:18 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) DRV:64bit: - [2008.04.21 08:16:18 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.01.19 00:10:30 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV:64bit: - [2007.12.11 04:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | R--- | 
M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2011.04.01 15:03:58 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.03.31 18:51:47 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.konsolengrill.de/forum/index.php" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2011.03.31 21:44:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.31 19:26:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.31 17:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.03.31 22:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tsrge8x5.default\extensions [2011.03.31 22:51:35 | 
000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tsrge8x5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.03.31 20:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.31 20:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TSRGE8X5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TSRGE8X5.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI [2011.03.31 16:32:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 
| ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ISUSPM Startup] File not found O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{fa39534a-5b31-11e0-b13d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fa39534a-5b31-11e0-b13d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - 
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: EasyTuneVI - hkey= - key= - C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.04.01 15:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.01 15:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.01 15:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.04.01 15:00:54 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\Erunt-setup.exe [2011.04.01 15:00:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.04.01 15:00:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2011.04.01 00:37:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\.thumbnails [2011.04.01 00:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\gegl-0.0 [2011.04.01 00:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.6 [2011.03.31 23:21:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.03.31 23:21:35 | 000,000,000 | ---D | C] -- C:\PS3ThemeCreator [2011.03.31 22:51:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google [2011.03.31 22:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.03.31 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia [2011.03.31 22:41:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.03.31 22:29:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\FUSSBALL MANAGER 11 [2011.03.31 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011.03.31 21:50:47 | 000,000,000 | ---D | C] -- 
C:\Windows\pss [2011.03.31 21:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2011.03.31 21:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler [2011.03.31 21:39:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Spyware Terminator [2011.03.31 21:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator [2011.03.31 21:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2011.03.31 21:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR [2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.31 20:47:47 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2011.03.31 20:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.03.31 20:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2011.03.31 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView [2011.03.31 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView [2011.03.31 20:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2011.03.31 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Sachen [2011.03.31 20:28:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.03.31 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.03.31 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.03.31 20:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.03.31 20:19:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\OpenOffice.org 3.3 [2011.03.31 20:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2011.03.31 20:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.03.31 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.03.31 20:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.03.31 19:27:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2011.03.31 19:27:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer [2011.03.31 19:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.31 19:27:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.03.31 19:27:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011.03.31 19:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.03.31 19:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.03.31 19:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.03.31 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple [2011.03.31 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.03.31 19:24:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2011.03.31 19:24:08 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.03.31 19:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.03.31 19:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.03.31 19:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.03.31 18:52:25 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Roaming\AdobeUM [2011.03.31 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe [2011.03.31 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\My eBooks [2011.03.31 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe [2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2011.03.31 18:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.03.31 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.03.31 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI [2011.03.31 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2011.03.31 18:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.03.31 18:09:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.03.31 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla [2011.03.31 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla [2011.03.31 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Symantec [2011.03.31 17:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2011.03.31 17:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2011.03.31 17:18:08 | 000,000,000 | 
---D | C] -- C:\Windows\SysNative\vi-VN [2011.03.31 17:09:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.03.31 06:21:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Programme [2011.03.31 06:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.03.31 05:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.03.31 05:26:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2011.03.31 05:26:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2011.03.31 04:15:06 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll [2011.03.31 04:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2011.03.31 04:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box [2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI [2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ATI [2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.03.31 04:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.03.31 04:07:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.03.31 04:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.03.31 04:05:16 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.03.31 04:05:13 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.03.31 04:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2011.03.31 04:01:50 | 000,050,688 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys [2011.03.31 04:01:27 | 000,024,064 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys [2011.03.31 04:01:08 | 000,026,624 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- 
C:\Windows\SysNative\drivers\RtNdPt60.sys [2011.03.31 04:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [2011.03.31 03:59:30 | 000,000,000 | ---D | C] -- C:\Windows\Cache [2011.03.31 03:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.03.31 03:57:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.03.31 03:57:19 | 000,000,000 | -HSD | C] -- C:\Boot [2011.03.31 03:46:21 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.03.31 03:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.03.31 03:46:15 | 000,000,000 | ---D | C] -- C:\Intel [2011.03.31 03:46:00 | 000,146,528 | ---- | C] (DeviceVM Inc.) -- C:\Windows\SysWow64\dvmurl.dll [2011.03.31 03:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility [2011.03.31 03:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2011.03.31 03:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2011.03.31 03:44:57 | 000,160,768 | ---- | C] (Realtek Corporation ) -- C:\Windows\SysNative\drivers\Rtlh64.sys [2011.03.31 03:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\InstallShield [2011.03.31 03:44:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.03.31 03:44:00 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.03.31 03:44:00 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011.03.31 03:44:00 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.03.31 03:44:00 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.03.31 03:43:56 | 006,453,760 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe [2011.03.31 03:43:56 | 000,245,248 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.03.31 03:43:56 | 000,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2011.03.31 03:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.03.31 03:43:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.03.31 03:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.03.31 03:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows OPK [2011.03.31 03:37:27 | 000,000,000 | ---D | C] -- C:\Programme\Windows Imaging [2011.03.31 03:36:14 | 000,000,000 | ---D | C] -- C:\Programme\Windows OPK [2011.03.31 03:35:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches [2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.03.31 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities [2011.03.31 03:13:18 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts [2011.03.31 03:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore [2011.03.31 03:13:14 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links 
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop [2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Musik [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten [2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten [2011.03.31 03:13:14 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData [2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp [2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Local\Microsoft [2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Programme [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.03.31 03:09:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2011.03.31 03:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.03.31 02:58:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.03.31 02:58:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2011.04.01 15:09:41 | 001,451,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.01 15:09:41 | 000,630,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.01 15:09:41 | 000,597,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.01 15:09:41 | 000,127,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.01 15:09:41 | 000,104,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.01 15:07:36 | 000,000,763 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk [2011.04.01 15:07:35 | 000,000,744 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk [2011.04.01 
15:03:50 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.01 15:03:50 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.01 15:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.01 15:01:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Admin\Desktop\Erunt-setup.exe [2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.04.01 15:01:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2011.04.01 00:37:47 | 000,031,352 | ---- | M] () -- C:\Users\Admin\Desktop\Unbenannt.jpg [2011.04.01 00:37:47 | 000,000,838 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel [2011.03.31 23:47:19 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.03.31 23:47:19 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml [2011.03.31 21:53:02 | 000,255,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.03.31 19:30:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.03.31 18:51:47 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2011.03.31 18:10:23 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.03.31 18:10:02 | 001,474,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.31 17:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011.03.31 17:26:52 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2011.03.31 06:21:39 | 000,000,104 | ---- | M] () -- C:\Users\Admin\Desktop\Computer.lnk [2011.03.31 05:33:28 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.31 04:08:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.03.31 03:57:20 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2011.03.31 03:53:35 | 000,000,732 | ---- | M] () -- 
C:\Users\Admin\AppData\Local\d3d9caps64.dat [2011.03.31 03:04:47 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.03.30 13:06:09 | 093,901,005 | ---- | M] () -- C:\Users\Admin\Desktop\quicksave 09.ea [2011.03.30 04:28:41 | 094,047,076 | ---- | M] () -- C:\Users\Admin\Desktop\kevin-sascha.ea [2011.03.13 13:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Admin\Desktop\Anleitung.html ========== Files Created - No Company Name ========== [2011.04.01 15:07:36 | 000,000,763 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk [2011.04.01 15:07:35 | 000,000,744 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk [2011.04.01 00:37:47 | 000,000,838 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel [2011.04.01 00:36:01 | 000,031,352 | ---- | C] () -- C:\Users\Admin\Desktop\Unbenannt.jpg [2011.03.31 23:46:57 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.03.31 23:46:57 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml [2011.03.31 20:25:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.03.31 19:30:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.03.31 19:25:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.03.31 18:10:23 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.03.31 18:10:02 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.31 18:09:29 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.03.31 17:39:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.31 17:08:27 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2011.03.31 17:08:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.03.31 17:08:21 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd 
[2011.03.31 17:08:10 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2011.03.31 17:08:09 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2011.03.31 17:08:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011.03.31 17:08:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2011.03.31 17:08:06 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2011.03.31 17:07:56 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2011.03.31 17:07:55 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2011.03.31 17:07:55 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2011.03.31 17:07:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011.03.31 17:07:45 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2011.03.31 17:07:45 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2011.03.31 17:07:41 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml [2011.03.31 17:07:41 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2011.03.31 17:07:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml [2011.03.31 17:07:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml [2011.03.31 06:21:39 | 000,000,104 | ---- | C] () -- C:\Users\Admin\Desktop\Computer.lnk [2011.03.31 05:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011.03.31 05:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2011.03.31 05:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2011.03.31 05:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2011.03.31 05:44:08 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.03.31 05:44:08 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.03.31 05:33:28 | 
000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.31 05:33:28 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.31 05:01:36 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2011.03.31 05:01:36 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2011.03.31 05:01:36 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2011.03.31 05:01:36 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2011.03.31 05:01:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2011.03.31 05:01:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2011.03.31 04:38:50 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2011.03.31 04:10:25 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.03.31 04:08:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.31 04:06:37 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2011.03.31 04:06:37 | 003,107,788 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dat [2011.03.31 04:06:37 | 000,655,825 | ---- | C] () -- C:\Windows\SysNative\drivers\ativcaxx.cpa [2011.03.31 04:06:37 | 000,019,392 | ---- | C] () -- C:\Windows\SysNative\drivers\ativvpxx.vp [2011.03.31 04:06:37 | 000,015,079 | ---- | C] () -- C:\Windows\atiogl.xml [2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativpkxx.vp [2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativokxx.vp [2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativdkxx.vp [2011.03.31 04:06:37 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\drivers\ativcaxx.vp [2011.03.31 03:57:20 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2011.03.31 03:57:19 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2011.03.31 03:44:36 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss [2011.03.31 
03:43:59 | 000,666,112 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll [2011.03.31 03:42:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.31 03:13:33 | 000,000,949 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.03.31 03:13:30 | 000,000,979 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.31 03:13:28 | 000,000,974 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.03.31 03:13:18 | 000,000,915 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011.03.31 03:13:15 | 000,000,732 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat [2011.03.31 03:04:27 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2011.03.30 13:06:09 | 093,901,005 | ---- | C] () -- C:\Users\Admin\Desktop\quicksave 09.ea [2011.03.30 04:28:41 | 094,047,076 | ---- | C] () -- C:\Users\Admin\Desktop\kevin-sascha.ea [2011.03.13 13:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Admin\Desktop\Anleitung.html [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011.03.31 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2011.03.31 20:28:13 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.03.31 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Spyware Terminator [2011.04.01 15:02:13 | 000,011,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.03.31 21:55:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.31 17:23:46 | 000,000,000 | -HSD | M] -- C:\Boot [2011.03.31 23:21:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.31 03:09:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.31 03:46:15 | 000,000,000 | ---D | M] -- C:\Intel [2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.03.31 20:47:47 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.01 15:07:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.03.31 22:51:37 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.31 03:09:53 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.31 23:21:39 | 000,000,000 | ---D | M] -- C:\PS3ThemeCreator [2011.04.01 15:10:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.31 21:53:42 | 000,000,000 | R--D | M] -- C:\Users [2011.04.01 15:08:44 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) 
MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.04.2011 15:09:58 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Admin\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 270,66 Gb Total Space | 236,58 Gb Free Space | 87,41% Space Free | Partition Type: NTFS Drive S: | 27,30 Gb Total Space | 17,52 Gb Free Space | 64,19% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 55 63 68 A6 B7 EF CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EBFA7B4-B4DD-4460-86FE-CADC9F0DBBAA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{687F38B7-D01E-489D-93EC-F557B7C28443}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{74A2C3CA-BA5B-4A11-A971-81CDF45C13BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{07086891-F1CB-49BF-BF0D-211ECD39DC32}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{E2EFF8CD-D2C2-47DC-8105-A49770A72798}C:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe | "TCP Query User{F992588D-EBA9-408D-AF59-5B6627B1F2F1}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{236F4216-74DF-4D4A-A524-263D135D99B2}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{2DC9B57F-08DA-4EB8-8393-52FB83F10C8F}C:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe | "UDP Query User{4FEE5F8B-DB43-4CC8-AB7B-BE1F97A2BED6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual 
C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit "{2805B86E-A87B-3C28-F177-83F797AEA53F}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{ECB23A16-9586-D6AD-64B2-6CDCC275D8D5}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1102B81E-73F2-339C-E299-C48D7CA32441}" = Catalyst Control Center Graphics 
Full Existing "{14CF71FD-281E-91AD-941C-BFAA649C1E12}" = CCC Help German "{15422767-809D-8D9C-140D-99B39C9683DA}" = Catalyst Control Center Graphics Full New "{186DB7E2-1C55-0715-12E1-7FC473D30A4C}" = Catalyst Control Center Graphics Previews Common "{1DE0F8B5-763F-395F-56F3-98F8D9E0492D}" = HydraVision "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3A1BBC38-2602-B555-24D3-942F01D8DC39}" = CCC Help English "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0515.1 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6419FBF5-2DB7-FF43-EE67-5448F868D080}" = Catalyst Control Center Core Implementation "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9FA7B446-0DE0-C883-9DB4-AC9A35D60735}" = Catalyst Control Center HydraVision Full "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ACB91656-A3D1-4E5F-82F0-D3E5200F1D06}" = Skins "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.01 "{C3F7C6EB-B6AD-CE5E-46BD-E6DE8EBB6E5A}" = Catalyst Control Center Graphics Previews Vista "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C8E9FBF9-6CBE-AE9B-C8AB-2C8F5E32140C}" = 
ccc-core-static "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{DDACB061-0C85-8A15-45C9-28415476762B}" = Catalyst Control Center Graphics Light "{E182BF0C-B1C9-655A-0F65-1E511E8687AD}" = Catalyst Control Center Localization German "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}" = Catalyst Control Center InstallProxy "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVMFBox" = AVM FRITZ!Box Dokumentation "CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard "ERUNT_is1" = ERUNT 1.1j "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2 "InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0515.1 "IrfanView" = IrfanView (remove only) "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "Spyware Terminator_is1" = Spyware Terminator "WinGimp-2.0_is1" = GIMP 2.6.11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.03.2011 16:30:09 | Computer Name = Home-PC | Source = System Restore | ID = 8193 Description = Error - 31.03.2011 16:32:14 | Computer Name = Home-PC | Source = EventSystem | ID = 4621 Description = Error - 31.03.2011 16:50:01 | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GSvr.exe, Version, Zeitstempel 0x48773c29, fehlerhaftes Modul GSvr.exe, Version, Zeitstempel 0x48773c29, Ausnahmecode 0xc0000005, Fehleroffset 0x000025e5, Prozess-ID 0x4f4, Anwendungsstartzeit 01cbefdd5323d3f0. 
Error - 31.03.2011 17:32:46 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 31.03.2011 17:43:28 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 31.03.2011 17:47:21 | Computer Name = Home-PC | Source = EventSystem | ID = 4621 Description = Error - 31.03.2011 18:13:45 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 01.04.2011 08:55:08 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 01.04.2011 09:02:09 | Computer Name = Home-PC | Source = EventSystem | ID = 4621 Description = Error - 01.04.2011 09:04:57 | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 30.03.2011 23:17:01 | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.03.2011 23:22:32 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034 Description = Error - 30.03.2011 23:29:02 | Computer Name = Home-PC | Source = HTTP | ID = 15016 Description = Error - 31.03.2011 00:01:39 | Computer Name = Home-PC | Source = HTTP | ID = 15016 Description = Error - 31.03.2011 00:19:43 | Computer Name = Home-PC | Source = HTTP | ID = 15016 Description = Error - 31.03.2011 10:13:49 | Computer Name = Home-PC | Source = HTTP | ID = 15016 Description = Error - 31.03.2011 10:18:19 | Computer Name = Home-PC | Source = DCOM | ID = 10010 Description = Error - 31.03.2011 10:45:51 | Computer Name = Home-PC | Source = HTTP | ID = 15016 Description = Error - 31.03.2011 12:10:30 | Computer Name = Home-PC | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%860 beim Aktualisieren von Signaturen. 
Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %%859 Aktualisierungsstufe: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". < End of report > |
#2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ISUSPM.exe - Bad Image - Trojan? Are there any further logs from Malwarebytes? If so, please post all of them that are visible under the Logs tab ("Logdateien") in Malwarebytes.