| |
| |||||||
Log-Analyse und Auswertung: KeyLogger in Systray.exe stubWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.04.2011, 09:04
| #1 |
 |  KeyLogger in Systray.exe stub hallo liebe gemeinde, ich bin grad mit meinen latein am ende. seit 2 tagen habe ich wohl einen keylogger auf dem laptop. meine firewall zeigt an das die datei systray.exe stub über eine anwendung in user/appdata/local zb ice327819.exe aufs internet zugreifen will. zudem wenn ich ^ drücke erscheinen immer ^^. ich habe bereits mit 4!! anti malware, spyware programmen meinen pc gescannt (spybot search and destroy, spyware terminator, windows defender, ..) und bin nicht fündig geworden. habt ihr noch ein tipp wie ich den mist wieder losbekomme? hier noch meine logs:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.04.2011 09:56:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,09 Gb Total Space | 22,67 Gb Free Space | 15,74% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 48,19 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Stylus S20 Series" = Druckerdeinstallation für EPSON Stylus S20 Series
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A25D5B05-29A2-4493-9E31-4B7487580607}" = WiFi2HiFi
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EAC30F10-3877-4967-9CC1-AF56CD27E0A1}" = Elite Antikeylogger 3.0 [build 327]
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F7D480DD-8D1A-470D-87C6-3B9DBF6A629B}" = Buyertools Reminder
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.18 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 4.0.0.5)
"AntiKeyloggerShield_is1" = Anti Keylogger Shield v3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"ManyCam" = ManyCam 2.6.25 (remove only)
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"QuickTime Converter_is1" = QuickTime Converter 2.12
"Security Task Manager" = Security Task Manager 1.8c
"SHOUTcast" = SHOUTcast DSP Plug-in v2
"SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Spyware Terminator_is1" = Spyware Terminator
"TrueCrypt" = TrueCrypt
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 4.1.0225
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.2
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
26.04.2011, 14:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | KeyLogger in Systray.exe stub Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________Außerdem fehlt die OTL.txt Logdatei!
__________________ |
|
26.04.2011, 15:20
| #3 |
| | KeyLogger in Systray.exe stub hier die malware logs
__________________Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6424 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 23.04.2011 18:02:28 mbam-log-2011-04-23 (18-02-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 337844 Laufzeit: 1 Stunde(n), 16 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6424 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 23.04.2011 15:01:31 mbam-log-2011-04-23 (15-01-31).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 168314 Laufzeit: 6 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
|
26.04.2011, 15:39
| #4 |
| | KeyLogger in Systray.exe stub hier die OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 26.04.2011 16:22:35 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,09 Gb Total Space | 3,51 Gb Free Space | 2,44% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 80,21 Gb Free Space | 55,70% Space Free | Partition Type: NTFS Computer Name: PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.26 16:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Slick\Downloads\OTL.exe PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.03 12:08:39 | 001,650,504 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe PRC - [2011.03.03 12:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.03.03 12:08:39 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.02.19 01:21:30 | 000,995,328 | ---- | M] () -- C:\Program Files (x86)\WiFi2HiFi-Station\wifi2hifi-station.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.08.23 19:25:04 | 000,094,552 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TSCHelp.exe PRC - [2010.08.23 19:24:42 | 009,107,800 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe PRC - [2009.12.21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe ========== Modules (SafeList) ========== MOD - [2011.04.26 16:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Slick\Downloads\OTL.exe MOD - [2011.04.14 18:09:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll MOD - [2011.04.14 18:09:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll MOD - [2011.02.15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.12.29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.03.21 11:06:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.03 12:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) [On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.11.11 00:29:46 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI4B39.tmp -- (HyperDeskCustomThemeEnabler) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.04 14:36:34 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.03.04 14:36:34 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.10 23:03:33 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.02.06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2011.03.03 12:08:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.02.15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 25 BE E4 19 81 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.04.24 13:26:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.26 15:26:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.11 15:18:01 | 000,000,000 | ---D | M] [2011.04.26 15:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slick\AppData\Roaming\mozilla\Extensions [2011.04.26 15:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.11.10 23:35:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.19 21:48:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.05 12:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.25 11:41:43 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SLICK\APPDATA\ROAMING\5015 [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.27 19:36:50 | 000,002,210 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 ntrack.com127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 14 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Buyertools Reminder] File not found O4 - HKCU..\Run: [EPSON Stylus S20 Series] File not found O4 - HKCU..\Run: [RocketDock] File not found O4 - HKCU..\Run: [Userinit] C:\Users\Slick\AppData\Roaming\appconf32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d8fc4375-6b52-11e0-80cc-0013776cdc1b}\Shell - "" = AutoRun O33 - MountPoints2\{d8fc4375-6b52-11e0-80cc-0013776cdc1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.26 16:05:49 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{931D0AAE-F8CF-4D46-A915-38099308EE66} [2011.04.26 15:44:35 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\Sunbelt Software [2011.04.26 15:44:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2011.04.26 15:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.04.26 15:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.26 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.04.26 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{719CFAC9-4FEF-4EA8-8BBE-E4D6A6E2F2B0} [2011.04.26 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{226D5625-9ABD-4C2F-9F3E-EB2A6E83F79C} [2011.04.25 18:08:29 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Slick\AppData\Roaming\AcroIEHelpe028.dll [2011.04.25 14:52:03 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\UAs [2011.04.25 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{50614CFD-0F52-4F21-A80D-7E636BA279C4} [2011.04.25 11:41:43 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\5015 [2011.04.25 11:41:33 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\xmldm [2011.04.25 11:41:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\kock [2011.04.25 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0ABA7B6F-FE8E-4FB2-A65B-BC7326D95008} [2011.04.24 13:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit [2011.04.24 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2011.04.24 13:25:30 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll [2011.04.24 13:25:30 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll [2011.04.24 13:25:23 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll [2011.04.24 13:25:21 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\drivers\vsdatant.sys [2011.04.24 13:25:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs [2011.04.24 13:05:20 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{7192A14D-6381-4415-808E-877437345B13} [2011.04.23 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{713B5763-9EEF-411D-8167-BE7D87BC1FB9} [2011.04.23 18:58:52 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup [2011.04.23 18:58:50 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup [2011.04.23 18:45:36 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\SHOUTcast Radio Toolbar [2011.04.23 18:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\The Skins Factory [2011.04.23 14:53:57 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Malwarebytes [2011.04.23 14:53:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.23 14:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.23 14:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.23 14:53:43 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.23 14:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.23 09:41:11 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{26FFFF97-CC15-4C8C-8E69-E55D8059885E} [2011.04.23 05:32:07 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{D14A12CF-EA47-43ED-A404-2C73B5763163} [2011.04.23 01:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.04.23 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.23 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.04.22 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{1F326028-CBF4-43D7-93BF-2FAC44AB0333} [2011.04.22 10:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.04.22 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.04.22 10:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.04.21 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Avira [2011.04.21 21:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.21 21:41:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.04.21 21:41:05 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.04.21 21:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.04.21 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.04.21 15:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SHOUTcast Radio Toolbar [2011.04.21 15:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SHOUTcast Radio Toolbar [2011.04.21 10:49:02 | 000,000,000 | ---D | C] -- C:\WinampPortable [2011.04.21 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4A4ED29E-9094-4A62-A2AC-A6BB2538DEE7} [2011.04.20 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Paul WFAHM [2011.04.20 15:35:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{9C9706EB-FACE-4755-8D71-15D1581F8F7C} [2011.04.19 23:35:00 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{2A6DC994-E0CB-46DA-A719-5015A56B1D0E} [2011.04.19 11:34:12 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0BA1A3C8-E402-49E2-9125-753695E3C0F4} [2011.04.17 12:31:18 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{63FDDE6C-4274-414E-9EB4-38F0927829AC} [2011.04.16 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Neuer Ordner [2011.04.15 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{2265CA03-2929-4094-8726-5F8CE400144B} [2011.04.15 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4D67ACC7-5F9A-430A-9BBD-D591318C8F29} [2011.04.14 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar [2011.04.14 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2011.04.14 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{926A6C51-A43D-4EF9-971D-28E9E6F88389} [2011.04.14 13:13:40 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.04.14 13:13:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.04.14 13:13:38 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.14 13:13:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.14 13:13:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.14 13:13:34 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.14 13:13:33 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.14 13:13:33 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.14 13:13:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.14 13:13:29 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.14 13:13:29 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.14 13:13:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.14 13:13:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.14 13:13:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.14 13:13:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.14 13:13:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.14 13:13:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.14 13:13:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.14 13:13:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.14 13:13:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.14 13:13:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.14 13:13:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.14 13:13:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.14 13:13:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.14 13:13:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.14 13:13:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.04.14 13:13:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.14 13:12:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.14 13:12:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.14 13:12:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.14 13:12:41 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.14 13:12:41 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.14 13:12:41 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.14 13:12:41 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.14 13:12:41 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.14 13:12:41 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.14 13:12:41 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.14 13:12:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.13 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{B8B0B9EC-5703-463F-9644-6EDB1CB2737D} [2011.04.12 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{C1455807-8E32-4382-A0A7-B2CF487E10E6} [2011.04.12 03:02:55 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{722D286F-9F7E-4106-A0BB-4520BBCA85D5} [2011.04.11 15:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.09 02:31:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{B0C4D79E-C200-427C-92D2-BB8B4477ABD6} [2011.04.08 11:34:37 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4282F7AB-3BF2-4CDF-A032-762507F46BAF} [2011.04.08 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0C8F0727-B4B1-41E4-A148-DD39D6234180} [2011.04.07 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{76C22D32-8EB4-4F68-8E2A-5EA864BD80F6} [2011.04.06 21:32:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{758E0F04-6B3A-4458-AE70-F3A6355766F9} [2011.04.04 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{DDB8D985-E22D-40FB-88B9-BFC0C3BF503F} [2011.04.04 02:31:27 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{3D9B7669-F0C2-46A6-AD8B-9FE3D08AF874} [2011.04.03 14:30:36 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0269324C-BC2E-4245-95E7-FB015AAA98BA} [2011.04.03 02:29:32 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{E5B9FE7D-4DC8-484D-87B0-3E51CF765BE2} [2011.04.01 20:36:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{BDCD9D05-8E57-41A4-9C4A-5CF8FF89905E} [2011.03.31 18:55:12 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{F0E85BB2-ED67-4AC5-8618-D9909810A8BF} [2011.03.31 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0213839E-6788-4069-9C63-350DF185C007} [2011.03.30 20:45:33 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{8B78BBA9-8563-4692-8E0E-EBB52C662F4C} [2011.03.30 19:14:54 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Videos fertig [2011.03.29 12:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param [2011.03.29 12:04:22 | 000,000,000 | ---D | C] -- C:\Users\Slick\Documents\Aimersoft Video Converter Ultimate [2011.03.29 12:04:08 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll [2011.03.29 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft [2011.03.29 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\GetRightToGo [2011.03.29 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\Documents\Downloads [2011.03.29 11:14:40 | 000,000,000 | ---D | C] -- C:\OutputFolder [2011.03.29 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultra QuickTime Converter [2011.03.29 11:07:44 | 000,000,000 | -HSD | C] -- C:\Users\Slick\AppData\Local\.# [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Slick\AppData\Roaming\*.tmp files -> C:\Users\Slick\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.26 16:05:47 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 16:05:47 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 15:57:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.26 15:57:32 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys [2011.04.26 15:43:58 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.26 15:26:58 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.26 14:41:41 | 000,029,016 | ---- | M] () -- C:\Users\Slick\Desktop\screen_fr.png [2011.04.26 14:41:41 | 000,027,823 | ---- | M] () -- C:\Users\Slick\Desktop\screen_en.png [2011.04.25 18:08:29 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Slick\AppData\Roaming\AcroIEHelpe028.dll [2011.04.24 13:27:03 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.04.24 13:25:46 | 000,011,954 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2011.04.24 13:25:46 | 000,001,062 | ---- | M] () -- C:\Users\Slick\Desktop\ZoneAlarm Security.lnk [2011.04.24 01:42:50 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.24 01:42:50 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.24 01:42:50 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.24 01:42:50 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.24 01:42:50 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.23 18:58:52 | 002,851,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll [2011.04.23 18:58:50 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2011.04.23 14:53:49 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 11:54:09 | 000,004,096 | ---- | M] () -- C:\Users\Slick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.23 09:45:34 | 000,377,260 | ---- | M] () -- C:\Users\Slick\Desktop\Load.exe [2011.04.22 18:12:36 | 000,000,600 | ---- | M] () -- C:\Users\Slick\AppData\Roaming\winscp.rnd [2011.04.22 00:29:23 | 000,039,072 | ---- | M] () -- C:\Users\Slick\Desktop\dsc_1194pum2.jpg [2011.04.21 21:41:19 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 11:40:47 | 000,000,997 | ---- | M] () -- C:\Users\Slick\Desktop\Winamp.lnk [2011.04.14 18:14:11 | 004,979,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.12 23:14:11 | 000,000,000 | -H-- | M] () -- C:\Users\Slick\Documents\Default.rdp [2011.04.11 15:15:08 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.06 22:07:44 | 003,815,820 | ---- | M] () -- C:\Users\Slick\Desktop\Bolt from the blue EFX + EQ.mp3 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Slick\AppData\Roaming\*.tmp files -> C:\Users\Slick\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.26 15:43:58 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.26 15:26:58 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.26 15:26:58 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.26 14:41:35 | 000,029,016 | ---- | C] () -- C:\Users\Slick\Desktop\screen_fr.png [2011.04.26 14:41:13 | 000,027,823 | ---- | C] () -- C:\Users\Slick\Desktop\screen_en.png [2011.04.24 13:25:46 | 000,001,062 | ---- | C] () -- C:\Users\Slick\Desktop\ZoneAlarm Security.lnk [2011.04.23 14:53:49 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 09:45:29 | 000,377,260 | ---- | C] () -- C:\Users\Slick\Desktop\Load.exe [2011.04.22 00:28:22 | 000,039,072 | ---- | C] () -- C:\Users\Slick\Desktop\dsc_1194pum2.jpg [2011.04.21 21:41:19 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 11:40:47 | 000,000,997 | ---- | C] () -- C:\Users\Slick\Desktop\Winamp.lnk [2011.04.12 23:14:11 | 000,000,000 | -H-- | C] () -- C:\Users\Slick\Documents\Default.rdp [2011.04.11 15:15:08 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.06 22:05:58 | 003,815,820 | ---- | C] () -- C:\Users\Slick\Desktop\Bolt from the blue EFX + EQ.mp3 [2011.03.29 12:04:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll [2011.03.29 12:04:08 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax [2011.03.29 12:04:08 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2010.12.13 12:37:15 | 000,004,939 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg [2010.11.22 18:37:23 | 000,000,600 | ---- | C] () -- C:\Users\Slick\AppData\Roaming\winscp.rnd [2010.11.19 14:39:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.14 15:21:28 | 000,004,096 | ---- | C] () -- C:\Users\Slick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.10 21:55:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.09 17:23:13 | 000,047,848 | RHS- | C] () -- C:\Users\Slick\AppData\Roaming\appconf32.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4DACEB9F < End of report > dazu kommt nun ein neues problem: mein firefox bringt mir immer BEX Fehler bzw App fehler und muss geschlossen werden, das selbe auch bei 7zip zudem habe ich mein system jetzt mit diversen programmen gescanned. darunter avira antivir, ad-aware windows defener malwarebytes usw usw dort wird nichts mehr gefunden... aber ich bin mir fast sicher noch einen störenfried draufzuhaben |
|
26.04.2011, 15:39
| #5 |
| | KeyLogger in Systray.exe stub hier die OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.04.2011 16:22:35 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,09 Gb Total Space | 3,51 Gb Free Space | 2,44% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 80,21 Gb Free Space | 55,70% Space Free | Partition Type: NTFS Computer Name: PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.26 16:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Slick\Downloads\OTL.exe PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.03 12:08:39 | 001,650,504 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe PRC - [2011.03.03 12:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.03.03 12:08:39 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.02.19 01:21:30 | 000,995,328 | ---- | M] () -- C:\Program Files (x86)\WiFi2HiFi-Station\wifi2hifi-station.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.08.23 19:25:04 | 000,094,552 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TSCHelp.exe PRC - [2010.08.23 19:24:42 | 009,107,800 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe PRC - [2009.12.21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe ========== Modules (SafeList) ========== MOD - [2011.04.26 16:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Slick\Downloads\OTL.exe MOD - [2011.04.14 18:09:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll MOD - [2011.04.14 18:09:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll MOD - [2011.02.15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.12.29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.03.21 11:06:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.03 12:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) [On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.11.11 00:29:46 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI4B39.tmp -- (HyperDeskCustomThemeEnabler) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.04 14:36:34 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.03.04 14:36:34 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.10 23:03:33 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.02.06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2011.03.03 12:08:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.02.15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 25 BE E4 19 81 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.04.24 13:26:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.26 15:26:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.11 15:18:01 | 000,000,000 | ---D | M] [2011.04.26 15:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slick\AppData\Roaming\mozilla\Extensions [2011.04.26 15:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.11.10 23:35:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.19 21:48:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.05 12:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.25 11:41:43 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SLICK\APPDATA\ROAMING\5015 [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.27 19:36:50 | 000,002,210 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 ntrack.com127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 14 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Buyertools Reminder] File not found O4 - HKCU..\Run: [EPSON Stylus S20 Series] File not found O4 - HKCU..\Run: [RocketDock] File not found O4 - HKCU..\Run: [Userinit] C:\Users\Slick\AppData\Roaming\appconf32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d8fc4375-6b52-11e0-80cc-0013776cdc1b}\Shell - "" = AutoRun O33 - MountPoints2\{d8fc4375-6b52-11e0-80cc-0013776cdc1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.26 16:05:49 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{931D0AAE-F8CF-4D46-A915-38099308EE66} [2011.04.26 15:44:35 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\Sunbelt Software [2011.04.26 15:44:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2011.04.26 15:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.04.26 15:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.26 15:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.04.26 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{719CFAC9-4FEF-4EA8-8BBE-E4D6A6E2F2B0} [2011.04.26 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{226D5625-9ABD-4C2F-9F3E-EB2A6E83F79C} [2011.04.25 18:08:29 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Slick\AppData\Roaming\AcroIEHelpe028.dll [2011.04.25 14:52:03 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\UAs [2011.04.25 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{50614CFD-0F52-4F21-A80D-7E636BA279C4} [2011.04.25 11:41:43 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\5015 [2011.04.25 11:41:33 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\xmldm [2011.04.25 11:41:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\kock [2011.04.25 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0ABA7B6F-FE8E-4FB2-A65B-BC7326D95008} [2011.04.24 13:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit [2011.04.24 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2011.04.24 13:25:30 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll [2011.04.24 13:25:30 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll [2011.04.24 13:25:23 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll [2011.04.24 13:25:21 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\drivers\vsdatant.sys [2011.04.24 13:25:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs [2011.04.24 13:05:20 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{7192A14D-6381-4415-808E-877437345B13} [2011.04.23 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{713B5763-9EEF-411D-8167-BE7D87BC1FB9} [2011.04.23 18:58:52 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup [2011.04.23 18:58:50 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup [2011.04.23 18:45:36 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\SHOUTcast Radio Toolbar [2011.04.23 18:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\The Skins Factory [2011.04.23 14:53:57 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Malwarebytes [2011.04.23 14:53:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.23 14:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.23 14:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.23 14:53:43 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.23 14:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.23 09:41:11 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{26FFFF97-CC15-4C8C-8E69-E55D8059885E} [2011.04.23 05:32:07 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{D14A12CF-EA47-43ED-A404-2C73B5763163} [2011.04.23 01:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.04.23 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.23 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.04.22 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{1F326028-CBF4-43D7-93BF-2FAC44AB0333} [2011.04.22 10:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.04.22 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.04.22 10:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.04.21 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Avira [2011.04.21 21:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.21 21:41:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.04.21 21:41:05 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.04.21 21:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.04.21 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.04.21 15:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SHOUTcast Radio Toolbar [2011.04.21 15:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SHOUTcast Radio Toolbar [2011.04.21 10:49:02 | 000,000,000 | ---D | C] -- C:\WinampPortable [2011.04.21 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4A4ED29E-9094-4A62-A2AC-A6BB2538DEE7} [2011.04.20 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Paul WFAHM [2011.04.20 15:35:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{9C9706EB-FACE-4755-8D71-15D1581F8F7C} [2011.04.19 23:35:00 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{2A6DC994-E0CB-46DA-A719-5015A56B1D0E} [2011.04.19 11:34:12 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0BA1A3C8-E402-49E2-9125-753695E3C0F4} [2011.04.17 12:31:18 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{63FDDE6C-4274-414E-9EB4-38F0927829AC} [2011.04.16 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Neuer Ordner [2011.04.15 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{2265CA03-2929-4094-8726-5F8CE400144B} [2011.04.15 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4D67ACC7-5F9A-430A-9BBD-D591318C8F29} [2011.04.14 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar [2011.04.14 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2011.04.14 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{926A6C51-A43D-4EF9-971D-28E9E6F88389} [2011.04.14 13:13:40 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.04.14 13:13:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.04.14 13:13:38 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.14 13:13:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.14 13:13:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.14 13:13:34 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.14 13:13:33 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.14 13:13:33 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.14 13:13:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.14 13:13:29 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.14 13:13:29 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.14 13:13:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.14 13:13:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.14 13:13:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.14 13:13:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.14 13:13:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.14 13:13:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.14 13:13:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.14 13:13:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.14 13:13:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.14 13:13:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.14 13:13:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.14 13:13:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.14 13:13:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.14 13:13:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.14 13:13:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.04.14 13:13:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.14 13:12:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.14 13:12:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.14 13:12:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.14 13:12:41 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.14 13:12:41 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.14 13:12:41 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.14 13:12:41 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.14 13:12:41 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.14 13:12:41 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.14 13:12:41 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.14 13:12:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.13 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{B8B0B9EC-5703-463F-9644-6EDB1CB2737D} [2011.04.12 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{C1455807-8E32-4382-A0A7-B2CF487E10E6} [2011.04.12 03:02:55 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{722D286F-9F7E-4106-A0BB-4520BBCA85D5} [2011.04.11 15:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.04.11 15:14:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.09 02:31:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{B0C4D79E-C200-427C-92D2-BB8B4477ABD6} [2011.04.08 11:34:37 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{4282F7AB-3BF2-4CDF-A032-762507F46BAF} [2011.04.08 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0C8F0727-B4B1-41E4-A148-DD39D6234180} [2011.04.07 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{76C22D32-8EB4-4F68-8E2A-5EA864BD80F6} [2011.04.06 21:32:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{758E0F04-6B3A-4458-AE70-F3A6355766F9} [2011.04.04 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{DDB8D985-E22D-40FB-88B9-BFC0C3BF503F} [2011.04.04 02:31:27 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{3D9B7669-F0C2-46A6-AD8B-9FE3D08AF874} [2011.04.03 14:30:36 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0269324C-BC2E-4245-95E7-FB015AAA98BA} [2011.04.03 02:29:32 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{E5B9FE7D-4DC8-484D-87B0-3E51CF765BE2} [2011.04.01 20:36:21 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{BDCD9D05-8E57-41A4-9C4A-5CF8FF89905E} [2011.03.31 18:55:12 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{F0E85BB2-ED67-4AC5-8618-D9909810A8BF} [2011.03.31 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{0213839E-6788-4069-9C63-350DF185C007} [2011.03.30 20:45:33 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Local\{8B78BBA9-8563-4692-8E0E-EBB52C662F4C} [2011.03.30 19:14:54 | 000,000,000 | ---D | C] -- C:\Users\Slick\Desktop\Videos fertig [2011.03.29 12:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param [2011.03.29 12:04:22 | 000,000,000 | ---D | C] -- C:\Users\Slick\Documents\Aimersoft Video Converter Ultimate [2011.03.29 12:04:08 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll [2011.03.29 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft [2011.03.29 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\AppData\Roaming\GetRightToGo [2011.03.29 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\Slick\Documents\Downloads [2011.03.29 11:14:40 | 000,000,000 | ---D | C] -- C:\OutputFolder [2011.03.29 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultra QuickTime Converter [2011.03.29 11:07:44 | 000,000,000 | -HSD | C] -- C:\Users\Slick\AppData\Local\.# [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Slick\AppData\Roaming\*.tmp files -> C:\Users\Slick\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.26 16:05:47 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 16:05:47 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 15:57:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.26 15:57:32 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys [2011.04.26 15:43:58 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.26 15:26:58 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.26 14:41:41 | 000,029,016 | ---- | M] () -- C:\Users\Slick\Desktop\screen_fr.png [2011.04.26 14:41:41 | 000,027,823 | ---- | M] () -- C:\Users\Slick\Desktop\screen_en.png [2011.04.25 18:08:29 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Slick\AppData\Roaming\AcroIEHelpe028.dll [2011.04.24 13:27:03 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.04.24 13:25:46 | 000,011,954 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2011.04.24 13:25:46 | 000,001,062 | ---- | M] () -- C:\Users\Slick\Desktop\ZoneAlarm Security.lnk [2011.04.24 01:42:50 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.24 01:42:50 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.24 01:42:50 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.24 01:42:50 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.24 01:42:50 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.23 18:58:52 | 002,851,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll [2011.04.23 18:58:50 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2011.04.23 14:53:49 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 11:54:09 | 000,004,096 | ---- | M] () -- C:\Users\Slick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.23 09:45:34 | 000,377,260 | ---- | M] () -- C:\Users\Slick\Desktop\Load.exe [2011.04.22 18:12:36 | 000,000,600 | ---- | M] () -- C:\Users\Slick\AppData\Roaming\winscp.rnd [2011.04.22 00:29:23 | 000,039,072 | ---- | M] () -- C:\Users\Slick\Desktop\dsc_1194pum2.jpg [2011.04.21 21:41:19 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 11:40:47 | 000,000,997 | ---- | M] () -- C:\Users\Slick\Desktop\Winamp.lnk [2011.04.14 18:14:11 | 004,979,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.12 23:14:11 | 000,000,000 | -H-- | M] () -- C:\Users\Slick\Documents\Default.rdp [2011.04.11 15:15:08 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.06 22:07:44 | 003,815,820 | ---- | M] () -- C:\Users\Slick\Desktop\Bolt from the blue EFX + EQ.mp3 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Slick\AppData\Roaming\*.tmp files -> C:\Users\Slick\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.26 15:43:58 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.26 15:26:58 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.26 15:26:58 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.26 14:41:35 | 000,029,016 | ---- | C] () -- C:\Users\Slick\Desktop\screen_fr.png [2011.04.26 14:41:13 | 000,027,823 | ---- | C] () -- C:\Users\Slick\Desktop\screen_en.png [2011.04.24 13:25:46 | 000,001,062 | ---- | C] () -- C:\Users\Slick\Desktop\ZoneAlarm Security.lnk [2011.04.23 14:53:49 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 09:45:29 | 000,377,260 | ---- | C] () -- C:\Users\Slick\Desktop\Load.exe [2011.04.22 00:28:22 | 000,039,072 | ---- | C] () -- C:\Users\Slick\Desktop\dsc_1194pum2.jpg [2011.04.21 21:41:19 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 11:40:47 | 000,000,997 | ---- | C] () -- C:\Users\Slick\Desktop\Winamp.lnk [2011.04.12 23:14:11 | 000,000,000 | -H-- | C] () -- C:\Users\Slick\Documents\Default.rdp [2011.04.11 15:15:08 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.06 22:05:58 | 003,815,820 | ---- | C] () -- C:\Users\Slick\Desktop\Bolt from the blue EFX + EQ.mp3 [2011.03.29 12:04:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll [2011.03.29 12:04:08 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax [2011.03.29 12:04:08 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2010.12.13 12:37:15 | 000,004,939 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg [2010.11.22 18:37:23 | 000,000,600 | ---- | C] () -- C:\Users\Slick\AppData\Roaming\winscp.rnd [2010.11.19 14:39:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.14 15:21:28 | 000,004,096 | ---- | C] () -- C:\Users\Slick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.10 21:55:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.09 17:23:13 | 000,047,848 | RHS- | C] () -- C:\Users\Slick\AppData\Roaming\appconf32.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4DACEB9F < End of report > dazu kommt nun ein neues problem: mein firefox bringt mir immer BEX Fehler bzw App fehler und muss geschlossen werden, das selbe auch bei 7zip zudem habe ich mein system jetzt mit diversen programmen gescanned. darunter avira antivir, ad-aware windows defener malwarebytes usw usw dort wird nichts mehr gefunden... aber ich bin mir fast sicher noch einen störenfried draufzuhaben |
|
26.04.2011, 17:50
| #6 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | KeyLogger in Systray.exe stubZitat:
 Zitat:
 ...
__________________ --> KeyLogger in Systray.exe stub |
|
26.04.2011, 18:32
| #7 |
| | KeyLogger in Systray.exe stub das ja schön aber hilft mir ja leider nicht weiter... ist mein system denn nun sauber oder nicht? |
|
26.04.2011, 19:01
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | KeyLogger in Systray.exe stubZitat:
Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.04.2011, 19:09
| #9 |
| | KeyLogger in Systray.exe stub uhm ich verstehe jetzt nich wo das problem ist? mein windows is gekauft genauso wie adobe acrobat reader 9.2 ist in der adobe nun irgendwas drin ? |
|
26.04.2011, 19:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | KeyLogger in Systray.exe stub Den Reader muss man nicht kaufen, sowas allerdings schon: AdobeCS5 Oder hast du dafür hunderte bis Tausende Euro auf den Tisch gepackt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2011, 20:01
| #11 |
| | KeyLogger in Systray.exe stub an der uni hab ich von einem wahlpflichtfach photoshop für einsteiger zb. den photoshop cs5 mit uni lizenz vom prof bekommen. sind das noch überbleibsel von der installation? |
|
27.04.2011, 09:32
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | KeyLogger in Systray.exe stub Sieht aber stark nach einer gecrackten Software aus, hat nichts mit Überbleibseln zu tun. CS5/CS4 ist ja noch installiert
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2011, 13:23
| #13 |
| | KeyLogger in Systray.exe stub also ich kann nur sagen wir haben damals eben photoshop von der prof. bekommen mit samt serien nummer und co. aber das hat sich ja eh erledigt ich bin grad am system neu aufsetzen -.- wenn ich festplatte formatiere bin ich ja alle schädlinge los? |
|
27.04.2011, 13:43
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | KeyLogger in Systray.exe stub Ja wenn man richtig neu aufsetzt, deswegen den Artikel zur Neuinstallation genau umsetzen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2011, 13:47
| #15 |
| | KeyLogger in Systray.exe stub kannst du denn noch sagen ob viel infiziertes vorhanden war? |
|
| Themen zu KeyLogger in Systray.exe stub |
| 64-bit, 7-zip, adobe, analysis, avira, c:\windows\system32\rundll32.exe, converter, defender, dll, eraser, error, excel, explorer, firewall, flash player, format, homepage, iexplore.exe, install.exe, internet, location, logfile, malware, microsoft office word, mozilla, notepad.exe, oldtimer, opera, photoshop, plug-in, recuva, registry, rundll, saver, security, shell32.dll, shortcut, software, spyware, spyware terminator, studio, syswow64, video converter, windows, wscript.exe |
Linear-Darstellung
