Log Analysis and Evaluation: caught a trojan, malware evaluation :) Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.04.2011, 10:00 | #1
caught a trojan, malware evaluation :)
Heyy, I think I've caught a trojan again. Is that definitely a trojan or what :S Can you give me tips on cleaning it up :S Regards. Here is the malware evaluation:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6346
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2011 10:58:08
mbam-log-2011-04-15 (10-57-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|)
Durchsuchte Objekte: 224802
Laufzeit: 22 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\programme\frilo\frilo.aktuell\deu\flgrfcolorext104_deu.scr (Trojan.Dropper) -> No action taken.

And here is the HijackThis log:

logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:03, on 15.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Programme\TUNEUputilies\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Programme\Nero\Nero BackItUp\NBAgent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Programme\hotspot shield\bin\openvpntray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Opera\opera.exe
C:\Users\Charlie\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NBAgent] "D:\Programme\Nero\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - D:\Programme\hotspot shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Programme\hotspot shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Programme\hotspot shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - D:\Programme\hotspot shield\bin\hsswd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @D:\Programme\TUNEUputilies\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programme\TUNEUputilies\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe

--
End of file - 8340 bytes
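A worked example, added here and not code from the thread or from Trojaner-Board, of the first pass a reviewer makes over a HijackThis log like the one above. It parses R0/R1, O4 and O23 lines and flags three things that merit a closer look: a browser start or search page on a host outside an assumed trusted list, an autorun entry whose executable sits in a user-writable directory, and a service with no recorded publisher ("Unknown owner", as several Hotspot Shield entries above show). The sample lines are constructed in the log's format (the avast and Hotspot Shield lines copy entries from the post, the [updater] autorun and the vshare search page are added for contrast); TRUSTED_HOSTS and USER_WRITABLE are assumptions, not a reference list.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format, modelled on the log posted
# above. The [updater] autorun and the vshare search page are added for
# contrast; the avast and Hotspot Shield lines copy entries from the log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [updater] C:\Users\Charlie\AppData\Roaming\updater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - D:\Programme\hotspot shield\bin\openvpnas.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"^(?P<key>.+?),(?P<value>.+?) = (?P<url>.*)$")
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://(?P<host>[^/?#]+)", re.I)   # accepts defanged hxxp://
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat))', re.I)

# Assumptions: hosts that are normal for IE start/search pages, and
# directories an ordinary user can write to without elevation.
TRUSTED_HOSTS = ("go.microsoft.com", "google.de", "www.google.de")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\downloads\\")


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. O4 or O23
    name: str     # value name, autorun label or service display name
    path: str     # URL or executable path the entry points at
    reason: str


def host_is_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def executable_path(cmd: str) -> str:
    """Strip surrounding quotes and trailing arguments from an autorun command line."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(log_text: str) -> list:
    """Return the entries of a HijackThis log that deserve a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        kind, body = entry.group("kind"), entry.group("body")
        if kind in ("R0", "R1"):
            u = URL_RE.match(body)
            h = HOST_RE.match(u.group("url").strip()) if u else None
            if h and not host_is_trusted(h.group("host")):
                findings.append(Finding(kind, u.group("value"), u.group("url"),
                                        "browser page on host outside trusted list"))
        elif kind == "O4":
            run = RUN_RE.match(body)
            if run:
                path = executable_path(run.group("cmd"))
                if any(marker in path.lower() for marker in USER_WRITABLE):
                    findings.append(Finding(kind, run.group("name"), path,
                                            "autorun from user-writable path"))
        elif kind == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding(kind, svc.group("name"), svc.group("path"),
                                        "service with no publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason:<42} {f.name} -> {f.path}")
```

A flagged entry is a review candidate, not a verdict: the Hotspot Shield service above is flagged only because the log records no publisher, and the thread's helper treats the detected frilo file the same way, by checking the program rather than deleting on sight.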
15.04.2011, 10:08 | #2
/// Malware-holic | caught a trojan, malware evaluation :)
That looks like a false positive. Do you know the program?
frilo
15.04.2011, 10:10 | #3
caught a trojan, malware evaluation :)
Why a false positive? How can you tell? Yes, I do know it... but my PC has also been a bit slow lately...
But the problem didn't appear right after the installation, I mean the problem that the PC is slow??
15.04.2011, 10:17 | #4
/// Malware-holic | caught a trojan, malware evaluation :)
Well, this is a legitimate program. We can still do the following: check d:\programme\frilo\frilo.aktuell\deu\flgrfcolorext104_deu.scr at VirusTotal - Free Online Virus, Malware and URL Scanner and post the results link.
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails according to the instructions above to markusg.trojaner-board@web.de. If you would like to support us
15.04.2011, 10:27 | #5
caught a trojan, malware evaluation :)
This is what came out, so nothing negative, if I did it right:

Antivirus Version Last Update Result
AhnLab-V3 2011.03.06.02 2011.03.06 -
AntiVir 7.11.4.84 2011.03.06 -
Antiy-AVL 2.0.3.7 2011.03.06 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.03.06 -
AVG 10.0.0.1190 2011.03.06 -
BitDefender 7.2 2011.03.06 -
CAT-QuickHeal 11.00 2011.03.06 -
ClamAV 0.96.4.0 2011.03.05 -
Commtouch 5.2.11.5 2011.03.05 -
Comodo 7894 2011.03.06 -
DrWeb 5.0.2.03300 2011.03.06 -
Emsisoft 5.1.0.2 2011.03.06 -
eSafe 7.0.17.0 2011.03.06 -
eTrust-Vet 36.1.8198 2011.03.04 -
F-Prot 4.6.2.117 2011.03.05 -
F-Secure 9.0.16440.0 2011.03.06 -
Fortinet 4.2.254.0 2011.03.06 -
GData 21 2011.03.06 -
Ikarus T3.1.1.97.0 2011.03.06 -
Jiangmin 13.0.900 2011.03.06 -
K7AntiVirus 9.92.4032 2011.03.05 -
Kaspersky 7.0.0.125 2011.03.06 -
McAfee 5.400.0.1158 2011.03.06 -
McAfee-GW-Edition 2010.1C 2011.03.06 -
Microsoft 1.6603 2011.03.06 -
NOD32 5931 2011.03.06 -
Norman 6.07.03 2011.03.06 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.06 -
PCTools 7.0.3.5 2011.03.06 -
Prevx 3.0 2011.03.06 -
Rising 23.47.06.03 2011.03.06 -
Sophos 4.63.0 2011.03.06 -
SUPERAntiSpyware 4.40.0.1006 2011.03.06 -
Symantec 20101.3.0.103 2011.03.06 -
TheHacker 6.7.0.1.145 2011.03.06 -
TrendMicro 9.200.0.1012 2011.03.06 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.06 -
VBA32 3.12.14.3 2011.03.04 -
VIPRE 8619 2011.03.06 -
ViRobot 2011.3.6.4343 2011.03.06 -
VirusBuster 13.6.237.0 2011.03.06 -

Additional information
MD5 : 4164dde60d6103cf210beb56fa3120d4
SHA1 : 85a09e8f09f18c25ccc7a93d229a0819d29596d1
SHA256: e9085934b9cc472e3442c931062b5221bedec444b3cce1019a067189f1af2edb
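A second added example, not from the thread, that turns the two artefacts in this exchange, the single Malwarebytes detection line from the first post and a VirusTotal result list like the one just posted, into a structured assessment. It parses the engine rows and the hash lines, counts hits, records whether every engine's signature date predates the local scan (the rows above carry 2011.03.06 dates against a 15.04.2011 scan, which is what a previously cached report looks like), and produces a verdict. The engine subset embedded here is constructed from the posted list and the hashes are the ones the post shows; GENERIC_MARKERS and the verdict thresholds are assumptions. file_hashes() and same_sample() are there so the local file's digests can be compared with the report's before the verdict is trusted, since a clean report for a different file proves nothing.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the VirusTotal result list posted above:
# engine, engine version, signature date, result ("-" = no detection).
# The three hashes are the ones printed in the post.
VT_TEXT = """
Antivirus Version Last Update Result
AntiVir 7.11.4.84 2011.03.06 -
Avast5 5.0.677.0 2011.03.06 -
ClamAV 0.96.4.0 2011.03.05 -
Kaspersky 7.0.0.125 2011.03.06 -
Microsoft 1.6603 2011.03.06 -
Symantec 20101.3.0.103 2011.03.06 -
Additional information
MD5 : 4164dde60d6103cf210beb56fa3120d4
SHA1 : 85a09e8f09f18c25ccc7a93d229a0819d29596d1
SHA256: e9085934b9cc472e3442c931062b5221bedec444b3cce1019a067189f1af2edb
"""

# The Malwarebytes detection line from the first post, unchanged.
MBAM_LINE = r"d:\programme\frilo\frilo.aktuell\deu\flgrfcolorext104_deu.scr (Trojan.Dropper) -> No action taken."

ENGINE_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\s*:\s*(?P<digest>[0-9a-fA-F]+)$")
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Assumption: detection names built from these words are heuristic or generic
# rather than a named family, so a lone hit carrying one of them is weak evidence.
GENERIC_MARKERS = ("generic", "heur", "dropper", "suspicious", "agent")


@dataclass
class Assessment:
    path: str
    detection: str
    hits: int
    total: int
    newest_update: str
    stale: bool                 # every engine's signature date is older than the local scan
    hashes: dict = field(default_factory=dict)
    verdict: str = ""


def parse_vt(text: str):
    """Return ([(engine, result)], {algo: digest}, newest signature date) from a VT result list."""
    engines, hashes, newest = [], {}, ""
    for line in text.splitlines():
        line = line.strip()
        m = ENGINE_RE.match(line)
        if m:
            engines.append((m.group("engine"), m.group("result")))
            newest = max(newest, m.group("updated"))   # YYYY.MM.DD sorts as text
            continue
        h = HASH_RE.match(line)
        if h:
            hashes[h.group("algo")] = h.group("digest").lower()
    return engines, hashes, newest


def assess(mbam_line: str, vt_text: str, scan_date: str) -> Assessment:
    """Combine one Malwarebytes detection with a VT result list into a verdict.
    scan_date is the local scan date in YYYY.MM.DD form."""
    m = MBAM_RE.match(mbam_line.strip())
    if not m:
        raise ValueError("not a Malwarebytes detection line")
    engines, hashes, newest = parse_vt(vt_text)
    hits = sum(1 for _, result in engines if result != "-")
    total = len(engines)
    generic = any(marker in m.group("name").lower() for marker in GENERIC_MARKERS)
    stale = newest < scan_date
    # Thresholds are assumptions; the point is that a single generic hit with no
    # corroboration is treated differently from a cluster of named detections.
    if total == 0:
        verdict = "no-vt-data"
    elif hits == 0:
        verdict = "likely-false-positive" if generic else "unconfirmed"
    elif hits / total < 0.2:
        verdict = "low-confidence"
    else:
        verdict = "likely-malicious"
    return Assessment(m.group("path"), m.group("name"), hits, total, newest, stale, hashes, verdict)


def file_hashes(path: str) -> dict:
    """MD5/SHA1/SHA256 of a local file, read in 1 MiB chunks."""
    digests = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(), "SHA256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def same_sample(local: dict, report: dict) -> bool:
    """True when every hash the report lists matches the local file's digest."""
    return all(local.get(algo) == digest for algo, digest in report.items())


if __name__ == "__main__":
    a = assess(MBAM_LINE, VT_TEXT, scan_date="2011.04.15")
    print(f"{a.path}: {a.detection} -> {a.hits}/{a.total} engines, verdict={a.verdict}, stale={a.stale}")
```

Run against a real file, the usual sequence is file_hashes(path), then same_sample(local, a.hashes); only if that holds does the verdict apply to the file on disk, and a stale report is a reason to request a fresh analysis rather than to accept the old one.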
15.04.2011, 10:40 | #6
/// Malware-holic | caught a trojan, malware evaluation :)
What exactly is slow on the PC?
15.04.2011, 10:41 | #7
caught a trojan, malware evaluation :)
Actually the internet. It could of course be the connection, but a week or so ago it was still working fine.. thanks for the effort.
15.04.2011, 11:24 | #8
/// Malware-holic | caught a trojan, malware evaluation :)
Let's have a look.

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
15.04.2011, 11:52 | #9
caught a trojan, malware evaluation :)
OTL.txt:
OTL Logfile:
OTL EXTRAS Logfile:
OTL logfile created on: 15.04.2011 12:33:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Charlie\Documents
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 185,76 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 194,94 Gb Free Space | 88,14% Space Free | Partition Type: NTFS
Drive E: | 296,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHAS-PC | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Charlie\Documents\OTL.exe (OldTimer Tools)
PRC - D:\Programme\hotspot shield\bin\openvpntray.exe ()
PRC - D:\Programme\hotspot shield\bin\openvpnas.exe ()
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Programme\hotspot shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - D:\Programme\hotspot shield\bin\hsswd.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - D:\Programme\TUNEUputilies\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - D:\Programme\Nero\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\Wireless Console 2\wcourier.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Users\Charlie\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (HssTrayService) -- D:\Programme\hotspot shield\bin\HssTrayService.exe ()
SRV - (hshld) -- D:\Programme\hotspot shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- D:\Programme\hotspot shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- D:\Programme\TUNEUputilies\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (HssWd) -- D:\Programme\hotspot shield\bin\hsswd.exe ()
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TUNEUputilies\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS)
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()
DRV - (ZSMC302) -- C:\Windows\System32\drivers\usbvm302.sys (VM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 FC 9C 39 D4 9B CB 01 [binary data]
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 20:40:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 20:40:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.11 22:00:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.11 22:00:14 | 000,000,000 | ---D | M]

[2010.12.16 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\mozilla\Extensions
[2011.04.15 12:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions
[2011.02.20 16:25:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Charlie\AppData\Roaming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions\firefox@tvunetworks.com
[2010.12.16 20:19:26 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Charlie\AppData\Ro aming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions\vshare@toolbar
[2010.12.16 20:19:34 | 000,001,583 | ---- | M] () -- C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\t4uto6ah.default\searchplugins\web-search.xml
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.17 00:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.01.31 20:40:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.31 20:40:58 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.12.17 00:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2010.12.17 00:27:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.11 22:00:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.11 22:00:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.11 22:00:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.11 22:00:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.11 22:00:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADSMTray] C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] D:\Programme\Nero\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.250
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{627af2c5-07be-11e0-8694-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{627af2c5-07be-11e0-8694-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EPSetup.exe -- [2008.06.04 07:00:00 | 000,059,296 | R--- | M] (SEIKO EPSON CORPORATION)
O33 - MountPoints2\{f6230640-0ba3-11e0-b2f5-90e6ba12d5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f6230640-0ba3-11e0-b2f5-90e6ba12d5b9}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\daemon tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EPSON SX510W Series - hkey= - key= - File not found
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1274217F-5DF9-103D-D363-7C08956E4CF0} - Themes Setup ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2B1B49BF-4C80-8A0C-82D9-02BB69BC1F00} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {3DD1651F-A172-2F8E-37FD-0334B439081B} - Microsoft Windows Media Player ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6405F2E8-D2B9-E80C-9087-230333B691E8} - DirectX ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
========== Files/Folders - Created Within 30 Days ========== [2011.04.15 12:32:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Charlie\Documents\OTL.exe [2011.04.12 23:20:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Chipmunk - Transition [2011.04.10 12:29:25 | 000,337,304 | ---- | C] (VideoSoft) -- C:\Windows\System32\VSPRINT7.OCX [2011.04.10 12:29:24 | 001,248,768 | ---- | C] (Visual Components, Inc.) -- C:\Windows\System32\VCFI32.OCX [2011.04.10 12:29:24 | 000,221,184 | ---- | C] (ComponenetOne) -- C:\Windows\System32\SIZERONE.OCX [2011.04.10 12:29:24 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX [2011.04.10 12:29:24 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2011.04.10 12:29:24 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DE.DLL [2011.04.10 12:29:24 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL [2011.04.10 12:29:22 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.DLL [2011.04.10 12:29:22 | 001,064,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL [2011.04.10 12:29:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll [2011.04.10 12:29:22 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll [2011.04.10 12:29:22 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msmask32.ocx [2011.04.10 12:29:22 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL [2011.04.10 12:29:22 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL [2011.04.10 12:29:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msmskde.dll [2011.04.10 12:29:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC42LOC.DLL [2011.04.10 12:29:21 | 000,057,344 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\MFC40LOC.DLL [2011.04.10 12:29:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Flxgdde.dll [2011.04.10 12:29:20 | 000,084,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Gapi32.dll [2011.04.10 12:29:19 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l5.dll [2011.04.10 12:29:19 | 000,255,488 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32ct5.dll [2011.04.10 12:29:19 | 000,185,856 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32dw3.dll [2011.04.10 12:29:19 | 000,168,448 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l500.lng [2011.04.10 12:29:19 | 000,100,864 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32ut4.dll [2011.04.10 12:29:19 | 000,064,512 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32cr2.dll [2011.04.10 12:29:19 | 000,052,736 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l5o.ocx [2011.04.08 15:33:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Rio Music From The Motion Picture [2011.04.08 12:52:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Kool Savas - John Bello Story 3 (2010) [2011.04.02 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.04.02 22:31:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.04.02 22:31:40 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2011.03.31 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Roaming\frilo [2011.03.31 17:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frilo [2011.03.31 17:29:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Local\Frilo [2011.03.31 17:26:37 | 000,000,000 | ---D | C] -- C:\Programme\Frilo [2011.03.31 17:25:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Crystal Decisions [2011.03.31 00:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff [2011.03.30 23:47:47 | 000,000,000 | ---D | C] -- 
C:\Programme\Hotspot Shield [2011.03.30 23:42:12 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2011.03.30 23:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2011.03.25 10:18:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.03.23 15:14:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Documents\Verlauf [2011.03.23 00:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.03.23 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Roaming\ICQ [2011.03.18 16:34:21 | 000,000,000 | ---D | C] -- C:\Programme\Fingerprint Sensor [2011.03.18 16:33:30 | 000,000,000 | ---D | C] -- C:\Medion [2011.03.18 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite [2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\wocaffe [2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\Programme\TrueSuite [2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueSuite [2011.03.18 16:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2011.03.17 14:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2010.12.14 22:34:21 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2010.12.14 22:26:12 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.04.15 12:32:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Documents\OTL.exe [2011.04.15 10:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.14 21:48:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.14 21:48:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.14 21:47:14 | 
000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe [2011.04.14 21:41:18 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2011.04.14 21:40:59 | 2415,394,816 | -HS- | M] () -- C:\hiberfil.sys [2011.04.13 13:45:37 | 417,674,085 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.12 18:39:29 | 000,691,532 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.12 18:39:29 | 000,647,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.12 18:39:29 | 000,145,098 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.12 18:39:29 | 000,118,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.10 12:29:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.04.10 12:29:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.04.06 16:55:22 | 000,095,083 | ---- | M] () -- C:\Users\Charlie\Desktop\SAP_FS_Zahnmedizin_Bild_7.jpg [2011.04.06 00:05:52 | 000,038,729 | ---- | M] () -- C:\Users\Charlie\Desktop\cafemadrid_04042011_61.JPG [2011.03.31 18:03:03 | 040,762,692 | ---- | M] () -- C:\Users\Charlie\Desktop\HB_F_L.rar [2011.03.31 17:30:17 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\FriloStart.lnk [2011.03.31 17:30:17 | 000,000,907 | ---- | M] () -- C:\Users\Charlie\Documents\FriloStart.lnk [2011.03.31 17:28:41 | 000,000,914 | ---- | M] () -- C:\Users\Charlie\Documents\FriloConfig.lnk [2011.03.31 16:09:58 | 000,003,284 | ---- | M] () -- C:\Windows\checkip.dat [2011.03.25 17:20:38 | 000,622,592 | ---- | M] () -- C:\Users\Charlie\Documents\Database1.accdb [2011.03.18 16:27:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf [2011.03.17 15:07:12 | 000,488,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.17 01:35:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo ========== Files Created - No Company Name ========== [2011.04.13 13:46:00 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2011.04.10 12:29:07 | 
000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.04.10 12:29:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.04.06 16:55:22 | 000,095,083 | ---- | C] () -- C:\Users\Charlie\Desktop\SAP_FS_Zahnmedizin_Bild_7.jpg [2011.04.06 00:05:48 | 000,038,729 | ---- | C] () -- C:\Users\Charlie\Desktop\cafemadrid_04042011_61.JPG [2011.03.31 18:01:26 | 040,762,692 | ---- | C] () -- C:\Users\Charlie\Desktop\HB_F_L.rar [2011.03.31 17:29:25 | 000,040,960 | ---- | C] () -- C:\ProgramData\UninstallFrilo.Exe [2011.03.31 17:29:25 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\FriloStart.lnk [2011.03.31 17:29:25 | 000,000,907 | ---- | C] () -- C:\Users\Charlie\Documents\FriloStart.lnk [2011.03.31 17:28:41 | 000,000,914 | ---- | C] () -- C:\Users\Charlie\Documents\FriloConfig.lnk [2011.03.31 16:07:24 | 000,003,284 | ---- | C] () -- C:\Windows\checkip.dat [2011.03.25 14:46:18 | 000,622,592 | ---- | C] () -- C:\Users\Charlie\Documents\Database1.accdb [2011.03.25 10:18:32 | 417,674,085 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.03.18 16:27:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf [2011.03.17 01:35:26 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2011.02.18 01:38:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.17 12:28:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.01.17 12:28:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.01.17 12:28:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.01.17 12:28:44 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.01.17 12:28:44 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.01.17 12:28:44 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.01.17 12:28:44 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.01.17 12:28:44 | 000,011,811 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern4.dat [2011.01.17 12:28:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.01.17 12:28:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.01.17 12:28:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.01.17 12:28:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.01.17 12:28:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.01.17 12:28:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.01.17 12:28:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.01.17 12:28:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.01.17 12:28:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.01.17 12:28:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.01.17 12:28:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.12.14 22:34:21 | 001,759,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.12.14 22:34:21 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.12.14 22:34:21 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.12.02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll [2009.07.14 10:47:43 | 000,691,532 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,145,098 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,488,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,647,506 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,118,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.14 01:15:05 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.10.16 09:29:32 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.12.15 01:10:32 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Autodesk [2010.12.19 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DAEMON Tools Lite [2011.03.31 23:49:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\frilo [2011.01.07 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\GetRightToGo [2011.03.24 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ICQ [2010.12.15 00:46:52 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Local [2011.04.13 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Opera [2011.03.10 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ShareTV [2010.12.15 01:17:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software 
[2011.02.15 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Unity [2009.07.14 06:53:46 | 000,021,040 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.23 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Adobe [2011.01.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Apple Computer [2010.12.15 01:10:32 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Autodesk [2010.12.19 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DAEMON Tools Lite [2011.01.29 00:39:13 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DivX [2011.03.31 23:49:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\frilo [2011.01.07 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\GetRightToGo [2011.03.24 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ICQ [2010.12.14 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Identities [2010.12.14 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\InstallShield [2010.12.15 00:46:52 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Local [2010.12.14 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Macromedia [2010.12.14 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Malwarebytes [2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Media Center Programs [2011.03.25 16:03:41 | 000,000,000 | --SD | M] -- C:\Users\Charlie\AppData\Roaming\Microsoft [2011.03.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Mozilla [2011.01.07 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Nero [2011.04.13 19:29:36 | 000,000,000 | ---D | M] -- 
C:\Users\Charlie\AppData\Roaming\Opera [2011.03.10 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ShareTV [2011.04.04 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Skype [2011.04.04 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\skypePM [2010.12.15 01:17:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software [2011.02.15 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Unity [2011.03.17 14:26:08 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\vlc [2010.12.15 01:14:46 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.03.18 16:34:21 | 000,061,440 | R--- | M] (Macrovision Corporation) -- C:\Users\Charlie\AppData\Roaming\Microsoft\Installer\{E815FB81-995F-4F33-8E25-F16712123AB7}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 
| ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.19 21:09:53 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

extra.txt

OTL Extras logfile created on: 15.04.2011 12:33:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Charlie\Documents
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 185,76 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 194,94 Gb Free Space | 88,14% Space Free | Partition Type: NTFS
Drive E: | 296,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHAS-PC | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\videolan\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Programme\videolan\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010DDDB8-C84B-4748-86D4-669D6D87842C}_is1" = Need for Speed(TM) Hot Pursuit Version 1.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{378317B3-D201-4BC0-BEC9-9451C9ACAEED}" = Alcor Micro USB Card Reader
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-9001-0407-0002-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B7A87BB-BB10-4991-A89C-E38660A76B05}" = Frilo Installation
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"AmUStor" = Alcor Micro USB Card Reader
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"Fallout New Vegas_is1" = Fallout New Vegas
"Frilo" = Frilo
"HotspotShield" = Hotspot Shield 1.57
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.01.1190" = Opera 11.01
"SopCast" = SopCast 3.3.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Veetle TV" = Veetle TV 0.9.18
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.04.2011 20:17:08 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6099

Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7098

Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7098

Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8112

Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8112

Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9110

Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9110

[ System Events ]
Error - 15.04.2011 06:41:32 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

Error - 15.04.2011 06:41:32 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "\Device\HarddiskVolume2".

Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "\Device\HarddiskVolume2".

Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "\Device\HarddiskVolume2".

Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "\Device\HarddiskVolume2".

Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume "C:".

< End of report >
--- --- --- |
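The "< MD5 for: ... >" section of the OTL log above is a hash comparison: the live binary in System32 is checked against every copy Windows keeps in the component store (WinSxS). winlogon.exe is the instructive case, since three serviced builds (16385, 16447 and 20560) carry three different MD5s, and the live file has to match the build that is actually installed, not the RTM one. The following script is an added example, not part of the thread and not OTL's code; it repeats that check with the .NET MD5 class so it runs on the PowerShell 2.0 that ships with Windows 7, takes its file list from the log, and reports a file it cannot open (the log's sptd.sys case) instead of skipping it silently.

```powershell
# Added example, not part of the thread and not OTL's own code: recompute the
# MD5 of the core binaries listed in the "< MD5 for: ... >" section and compare
# each live System32 copy with every copy the component store (WinSxS) holds.
# A live file whose hash matches none of its WinSxS copies was not put there by
# Windows servicing and deserves a closer look. Uses the .NET MD5 class so it
# runs on the PowerShell 2.0 that ships with Windows 7 (no Get-FileHash).
# Run from an elevated prompt so the driver files can be opened.

$md5 = [System.Security.Cryptography.MD5]::Create()

function Get-Md5Hex([string]$Path) {
    # Throws on a locked or unreadable file; the caller decides what to do with that.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# File list taken from the log above, relative to %SystemRoot%\System32.
$targets = @('netlogon.dll', 'scecli.dll', 'user32.dll', 'userinit.exe', 'winlogon.exe',
             'drivers\ws2ifsl.sys', 'drivers\nvstor.sys', 'drivers\iaStorV.sys',
             'drivers\sptd.sys')   # sptd.sys: OTL could not hash it either, expect a warning

$system32 = Join-Path $env:SystemRoot 'System32'
$winsxs   = Join-Path $env:SystemRoot 'winsxs'

foreach ($rel in $targets) {
    $live = Join-Path $system32 $rel
    if (-not (Test-Path $live)) { Write-Warning "$rel not present"; continue }

    try { $liveHash = Get-Md5Hex $live }
    catch { Write-Warning "unable to obtain MD5 for $rel (locked?): $($_.Exception.Message)"; continue }

    # Every serviced build of the component keeps its own copy under winsxs\<assembly>\.
    $name   = [System.IO.Path]::GetFileName($rel)
    $copies = @(Get-ChildItem -Path $winsxs -Recurse -Filter $name -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })

    $match = $null
    foreach ($copy in $copies) {
        try { if ((Get-Md5Hex $copy.FullName) -eq $liveHash) { $match = $copy; break } } catch { }
    }

    if ($match) {
        "OK       $rel  MD5=$liveHash  matches $($match.Directory.Name)"
    } elseif ($copies.Count -eq 0) {
        "NOCOPY   $rel  MD5=$liveHash  nothing to compare against in WinSxS"
    } else {
        "MISMATCH $rel  MD5=$liveHash  matches none of $($copies.Count) WinSxS copies"
    }
}
```

The assembly folder name printed on an OK line (for example `x86_microsoft-windows-winlogon_..._6.1.7600.16447_...`) tells you which serviced build the live file corresponds to, which is the same information the OTL entries carry. A MISMATCH is not proof of infection on its own; a hotfix that has not yet been committed to the component store can produce it, so check the file's signature and the Windows Update history before drawing conclusions.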
15.04.2011, 14:12 | #10 |
/// Malware-holic | caught a trojan, malware analysis :) Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip that. Install it, open it, Tools, list of installed programs, save as txt. Open the file. Next to every program you need, write "needed"; next to every one you don't need, "unneeded"; next to the ones you don't know, "unknown". Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
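The list the reply above asks for can also be produced without CCleaner, straight from the registry keys that "Programs and Features" and the OTL "Uninstall List" section read. The script below is an added example (not part of the thread, not CCleaner's code); it walks the per-machine Uninstall keys, the 32-bit view on 64-bit Windows, and the current user's own key, and writes one line per program with an empty Verdict column to fill in with needed / unneeded / unknown. The output path is an assumption. Other users' HKEY_USERS hives are not loaded here, so run it as the account whose programs you want listed.

```powershell
# Added example (not from the thread, not CCleaner's code): build the installed-
# program list the reply asks for from the same registry keys that "Programs and
# Features" and OTL's "Uninstall List" read, and write it out with an empty
# "Verdict" column to fill in (needed / unneeded / unknown).
# Works in the PowerShell 2.0 shipped with Windows 7. $outFile is an assumption.

$outFile = Join-Path $env:USERPROFILE 'Desktop\installed-programs.txt'

# Per-machine entries (plus the 32-bit view on 64-bit Windows) and the
# per-user entries of the account running the script.
$hives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$programs = foreach ($hive in $hives) {
    if (-not (Test-Path $hive)) { continue }
    foreach ($key in Get-ChildItem $hive) {
        $p = Get-ItemProperty $key.PSPath
        # Entries without a DisplayName are hidden from "Programs and Features";
        # skip them so the list matches what the GUI (and CCleaner) shows.
        if (-not $p.DisplayName) { continue }
        New-Object PSObject -Property @{
            Name      = $p.DisplayName
            Publisher = $p.Publisher
            Version   = $p.DisplayVersion
            Installed = $p.InstallDate          # yyyymmdd, often empty
            Uninstall = $p.UninstallString      # what actually runs on removal
            Key       = $key.PSChildName        # GUID or vendor name, as in the OTL list
            Verdict   = ''                      # fill in: needed / unneeded / unknown
        }
    }
}

$programs |
    Sort-Object Name |
    Select-Object Name, Publisher, Version, Installed, Verdict, Uninstall, Key |
    Format-Table -AutoSize |
    Out-String -Width 300 |
    Set-Content -Path $outFile

"Wrote $(@($programs).Count) entries to $outFile"
```

Keeping the UninstallString and the key name in the list is deliberate: when a program name looks harmless but its uninstaller points at an unexpected folder, or the key is a bare vendor string where a GUID would be expected, that is exactly the entry a helper will want to ask about.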
15.04.2011, 18:06 | #11 |
| caught a trojan, malware analysis :)
Adobe Flash Player 10 ActiveX | Adobe Systems Incorporated | 19.02.2011 | 6,00MB | 10.2.152.26 | NEEDED
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated | 18.01.2011 | 6,00MB | 10.1.102.64 | NEEDED
Adobe Reader X - Deutsch | Adobe Systems Incorporated | 22.12.2010 | 115,1MB | 10.0.0 | NEEDED
Adobe Shockwave Player 11.5 | Adobe Systems, Inc. | 08.03.2011 | 11.5.9.620 | NEEDED
Akamai NetSession Interface | 13.12.2010 | UNKNOWN
Alcor Micro USB Card Reader | Alcor Micro Corp. | 13.12.2010 | 2,80MB | 1.4.1217.35202 | UNKNOWN/NOT NEEDED
Apple Application Support | Apple Inc. | 06.01.2011 | 52,8MB | 1.4.1 | UNNEEDED
Apple Mobile Device Support | Apple Inc. | 06.01.2011 | 21,7MB | 3.3.0.69 | UNNEEDED
Apple Software Update | Apple Inc. | 06.01.2011 | 2,26MB | 2.1.2.120 | UNNEEDED
ASUS Data Security Manager | ASUS | 13.12.2010 | 15,1MB | 1.00.0014 | UNKNOWN
ASUS LifeFrame3 | ASUS | 13.12.2010 | 27,7MB | 3.0.20 | UNNEEDED
ASUS Live Update | ASUS | 13.12.2010 | 2.5.9 | UNKNOWN
ASUS MultiFrame | ASUS | 13.12.2010 | 1.0.0019 | UNNEEDED
ASUS Virtual Camera | asus | 13.12.2010 | 3,12MB | 1.0.19 | NEEDED
ATK Generic Function Service | ATK | 13.12.2010 | 1.00.0008 | UNKNOWN
ATK Hotkey | ASUS | 13.12.2010 | 5,75MB | 1.0.0053 | UNKNOWN
ATK Media | ASUS | 13.12.2010 | 0,20MB | 2.0.0006 | UNKNOWN
ATKOSD2 | ASUS | 13.12.2010 | 6,53MB | 7.0.0006 | UNKNOWN
AuthenTec Fingerprint Sensor Minimum Install | AuthenTec | 17.03.2011 | 2,33MB | 7.9.2 | UNNEEDED
AuthenTec TrueSuite | AuthenTec, Inc. | 17.03.2011 | 6,54MB | 2.0.0.57 | NEEDED
AutoCAD 2011 - Deutsch | Autodesk | 14.12.2010 | 18.1.49.0 | NEEDED
Autodesk Material Library 2011 | Autodesk | 13.12.2010 | 181,4MB | 2.0.0.49 | NEEDED
Autodesk Material Library 2011 Base Image library | Autodesk | 13.12.2010 | 255MB | 2.0.0.49 | NEEDED
avast! Free Antivirus | Alwil Software | 14.12.2010 | 5.0.677.0 | NEEDED
AviSynth 2.5 | 21.01.2011 | UNKNOWN
Bonjour | Apple Inc. | 06.01.2011 | 1,10MB | 2.0.4.0 | UNKNOWN
CCleaner | Piriform | 14.04.2011 | 3.05
DivX Web Player | DivX,Inc. | 30.01.2011 | 1.5.0 | NEEDED
DivX-Setup | DivX, LLC | 25.12.2010 | 2.2.1.2 | NEEDED
Epson Easy Photo Print 2 | SEIKO EPSON CORPORATION | 16.01.2011 | 2.1.0.0 | NEEDED
EPSON Scan | 16.01.2011 | NEEDED
Epson Stylus SX510W_TX550W Handbuch | 16.01.2011 | UNNEEDED
EPSON SX510W Series Printer Uninstall | SEIKO EPSON Corporation | 16.01.2011 | NEEDED
EpsonNet Print | SEIKO EPSON CORPORATION | 16.01.2011 | 2.4i | UNKNOWN
EpsonNet Setup | SEIKO EPSON CORPORATION | 16.01.2011 | 3.1a | UNKNOWN
Fallout New Vegas | Bethesda Softworks | 08.01.2011 | 1.0 | UNNEEDED
FARO LS 1.1.406.58 | FARO Scanner Production | 13.12.2010 | 21,5MB | 4.6.58.2 | UNKNOWN
Frilo | 30.03.2011 | NEEDED
Hotspot Shield 1.57 | AnchorFree | 29.03.2011 | 1.57 | NEEDED
IKEA Home Planner | IKEA IT | 06.03.2011 | 167,3MB | 2.0.3 | UNNEEDED
iTunes | Apple Inc. | 06.01.2011 | 144,8MB | 10.1.1.4 | NEEDED
Java(TM) 6 Update 23 | Oracle | 15.12.2010 | 95,0MB | 6.0.230 | NEEDED
Malwarebytes' Anti-Malware | Malwarebytes Corporation | 21.12.2010 | 10,5MB | NEEDED
MediaMonkey 3.2 | Ventis Media Inc. | 19.12.2010 | 3.2 | NEEDED
Messenger Plus! Live | Yuna Software | 14.12.2010 | 4.90.0.392 | NEEDED
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 13.01.2011 | 38,8MB | 4.0.30319 | UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 13.01.2011 | 2,94MB | 4.0.30319 | UNKNOWN
Microsoft .NET Framework 4 Extended | Microsoft Corporation | 13.01.2011 | 52,0MB | 4.0.30319 | UNKNOWN
Microsoft .NET Framework 4 Extended DEU Language Pack | Microsoft Corporation | 13.01.2011 | 10,7MB | 4.0.30319 | UNKNOWN
Microsoft Office Professional Plus 2010 | Microsoft Corporation | 18.12.2010 | 14.0.4763.1000 | NEEDED
Microsoft Primary Interoperability Assemblies 2005 | Microsoft Corporation | 06.01.2011 | 7,71MB | 8.0.50727.42
Microsoft Silverlight | Microsoft Corporation | 16.02.2011 | 40,4MB | 4.0.60129.0 | UNKNOWN
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 09.03.2011 | 2,70MB | 8.0.59193 | UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 22.12.2010 | 0,23MB | 9.0.30729 | UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 13.12.2010 | 0,58MB | 9.0.30729.4148 | UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 | Microsoft Corporation | 08.01.2011 | 11,0MB | 10.0.30319 | UNKNOWN
Mozilla Firefox (3.6.15) | Mozilla | 10.03.2011 | 3.6.15 (de) | NEEDED
MSXML 4.0 SP2 (KB954430) | Microsoft Corporation | 08.01.2011 | 35,00KB | 4.20.9870.0 | UNKNOWN
MSXML 4.0 SP2 (KB973688) | Microsoft Corporation | 08.01.2011 | 1,33MB | 4.20.9876.0 | UNKNOWN
Need for Speed(TM) Hot Pursuit Version 1.0 | Zocky | 23.12.2010 | 1.0 | UNNEEDED
Nero BackItUp 10 | Nero AG | 06.01.2011 | 107,6MB | 5.4.11600.19.100 | NEEDED
Nero Burning ROM 10 | Nero AG | 06.01.2011 | 162,3MB | 10.0.11100.10.100 | NEEDED
Nero BurnRights 10 | Nero AG | 06.01.2011 | 6,42MB | 4.0.11000.12.100 | NEEDED
Nero CoverDesigner 10 | Nero AG | 06.01.2011 | 77,1MB | 5.0.10900.11.100 | NEEDED
Nero DiscCopy Gadget 10 | Nero AG | 06.01.2011 | 35,4MB | 3.0.10700.9.100 | I'D SAY ALL OF NERO IS NEEDED
Nero DiscSpeed 10 | Nero AG | 06.01.2011 | 7,47MB | 6.0.10800.7.100
Nero Express 10 | Nero AG | 06.01.2011 | 159,5MB | 10.0.11000.10.100
Nero InfoTool 10 | Nero AG | 06.01.2011 | 8,07MB | 7.0.10800.8.100
Nero MediaHub 10 | Nero AG | 06.01.2011 | 158,0MB | 1.0.13400.11.100
Nero Multimedia Suite 10 | Nero AG | 06.01.2011 | 1.369MB | 10.0.13100
Nero Recode 10 | Nero AG | 06.01.2011 | 80,0MB | 4.6.10900.4.100
Nero RescueAgent 10 | Nero AG | 06.01.2011 | 6,83MB | 3.0.10900.9.100
Nero SoundTrax 10 | Nero AG | 06.01.2011 | 95,6MB | 4.6.10600.2.100
Nero StartSmart 10 | Nero AG | 06.01.2011 | 110,2MB | 10.0.11200.12.100
Nero Update | Nero AG | 06.01.2011 | 1,41MB | 1.0.0017
Nero Vision 10 | Nero AG | 06.01.2011 | 214MB | 7.0.11100.8.100
Nero WaveEditor 10 | Nero AG | 06.01.2011 | 76,6MB | 5.6.10600.2.100
NVIDIA Drivers | NVIDIA Corporation | 13.12.2010 | 1.8 | UNKNOWN
Opera 11.01 | Opera Software ASA | 26.01.2011 | 11.01.1190 | NEEDED
QuickTime | Apple Inc. | 06.01.2011 | 73,7MB | 7.69.80.9 | NEEDED
Skype™ 5.1 | Skype Technologies S.A. | 01.04.2011 | 24,5MB | 5.1.112 | NEEDED
SopCast 3.3.2 | www.sopcast.com | 25.12.2010 | 3.3.2 | NEEDED
SqrSoft® Advanced Crossfading (remove only) | 30.12.2010 | UNKNOWN
Synaptics Pointing Device Driver | Synaptics Incorporated | 13.12.2010 | 14.0.1.1 | UNKNOWN
TuneUp Utilities | TuneUp Software | 14.12.2010 | 9.0.4400.15 | NEEDED
Unity Web Player | Unity Technologies ApS | 14.02.2011 | 12,0MB
Veetle TV 0.9.18 | Veetle, Inc | 03.02.2011 | 0.9.18 | NEEDED
Virtual DJ - Atomix Productions | 19.12.2010 | NEEDED
VLC media player 1.1.7 | VideoLAN | 16.03.2011 | 1.1.7 | NEEDED
Windows Live Anmelde-Assistent | Microsoft Corporation | 13.12.2010 | 1,94MB | 5.000.818.5 | UNKNOWN
Windows Live Essentials | Microsoft Corporation | 13.12.2010 | 14.0.8117.0416 | UNKNOWN
Windows Live OneCare safety scanner | Microsoft Corporation | 03.02.2011 | UNKNOWN
Windows Live-Uploadtool | Microsoft Corporation | 13.12.2010 | 0,22MB | 14.0.8014.1029 | UNKNOWN
Windows Mobile-Gerätecenter | Microsoft Corporation | 13.01.2011 | 27,5MB | 6.1.6965.0 | UNKNOWN
WinFlash | ASUS | 13.12.2010 | 1,29MB | 2.29.0 | UNKNOWN
WinRAR | 14.12.2010 | NEEDED
Wireless Console 2 | ATK | 13.12.2010 | 2.0.10 | UNKNOWN |
15.04.2011, 18:13 | #12 |
/// Malware-holic | caught a trojan, malware analysis :)
Open Adobe Reader, Edit, Preferences, JavaScript, and untick the box there; under Internet, untick all the boxes as well. That way PDFs are no longer loaded automatically and nobody can slip malicious code onto your machine that way. Under General, tick "Use only certified plug-ins". Under Updater, set it to install. Click Apply/OK.
Uninstall:
ASUS, all except the ones you need
AuthenTec Fingerprint Sensor
Bonjour
Fallout
IKEA
Mozilla: open Firefox, Help, Update; version 4 is out.
Uninstall:
Need for Speed
SqrSoft®
TuneUp: programs like this can wreck your system, and they don't tune anything either; it's all empty promises, and in the end the system even gets slower. Get rid of that junk.
Windows Live, all 3
Clean up with CCleaner.
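The Adobe Reader settings the reply above asks for are all backed by registry values under the Reader X preference tree, which makes them easy to verify (or enforce) without clicking through the dialog. The script below is an added example, not part of the thread and not Adobe's code. The value names come from the Reader X (10.0) preference layout as I recall it; `bEnableJS`, `bProtectedMode` and the `FeatureLockDown` key are well established, while `bBrowserIntegration` and `iCheckReader` are assumptions you should confirm against Adobe's preference reference before relying on them. It reads the current values, reports which differ from the hardened setting, and with `-Fix` sets the per-user (HKCU) ones; the HKLM lockdown value is reported only, since writing it needs an elevated prompt.

```powershell
# Added example (not from the thread, not Adobe's code): check whether the
# Adobe Reader X settings the reply above asks for are in place, reading the
# registry values behind the Preferences dialog instead of clicking through it.
# Value names are from the Reader X (10.0) preference layout as I recall it;
# bBrowserIntegration and iCheckReader in particular are ASSUMPTIONS to verify
# against Adobe's preference reference. Run as the user whose profile you are
# checking; pass -Fix to set the per-user (HKCU) values, which needs no elevation.
param([switch]$Fix)

$ver = '10.0'   # Reader X; adjust for other versions

$checks = @(
    @{ Path = "HKCU:\Software\Adobe\Acrobat Reader\$ver\JSPrefs";    Name = 'bEnableJS';
       Want = 0; Why = 'JavaScript off (Edit > Preferences > JavaScript)' },
    @{ Path = "HKCU:\Software\Adobe\Acrobat Reader\$ver\Originals";  Name = 'bBrowserIntegration';
       Want = 0; Why = 'do not open PDFs inside the browser (Internet prefs); assumed value name' },
    @{ Path = "HKCU:\Software\Adobe\Acrobat Reader\$ver\Privileged"; Name = 'bProtectedMode';
       Want = 1; Why = 'Protected Mode sandbox on' },
    @{ Path = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ver\FeatureLockDown"; Name = 'bDisableJavaScript';
       Want = 1; Why = 'admin lockdown so the user cannot re-enable JavaScript (HKLM, elevation needed to set)' },
    @{ Path = 'HKLM:\SOFTWARE\Adobe\Adobe ARM\1.0\ARM';              Name = 'iCheckReader';
       Want = 3; Why = 'updater set to install updates automatically; assumed value name and meaning' }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist, instead of throwing.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

$bad = 0
foreach ($c in $checks) {
    $have = Get-RegValue $c.Path $c.Name
    if ($have -eq $c.Want) {
        "OK   $($c.Name) = $have   ($($c.Why))"
        continue
    }
    $bad++
    "FIX  $($c.Name) is '$have', want $($c.Want)   ($($c.Why))"
    if ($Fix -and $c.Path -like 'HKCU:*') {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        "     set $($c.Path)\$($c.Name) = $($c.Want)"
    }
}
"$bad setting(s) differ from the hardened value"
```

A missing value prints as `is ''`; for the HKCU preferences that usually means Reader has never written the setting and is running on its built-in default, which for JavaScript is "enabled", so treat absent the same as wrong. Re-run without `-Fix` after restarting Reader to confirm the values stuck, since Reader rewrites its preference tree on exit.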
16.04.2011, 02:22 | #13 |
| caught a trojan, malware analysis :) Hey, thanks, I've done all of that. Regards |
16.04.2011, 10:01 | #14 |
/// Malware-holic | caught a trojan, malware analysis :) Now please visit the avast homepage and get version 6, then run a boot-time scan.
16.04.2011, 13:29 | #15 |
| caught a trojan, malware analysis :) Hey, sorry, I can't figure out where to do that. I have the avast antivirus free version... I've updated it to version 6.0.0.1 now, but I have no idea where I can run a boot-time scan there |