Trojaner WTR Loader

lapulga · 26.04.2011, 22:29

OTL Scan (wie im Forum beschrieben) beendet...
Ergebnis:

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.04.2011 23:15:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 46,18 Gb Free Space | 39,66% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 79,04 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
 
Computer Name: FLOW | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\43310856.exe ()
PRC - C:\ProgramData\sFGtypQnwU.exe (WinTrust)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe ()
SRV - (accvssvc) -- C:\Program Files\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081220.001\IDSvix86.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2009.7.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 19:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 19:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.07.01 18:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.12.16 19:46:55 | 000,000,000 | ---D | M]
 
[2008.09.28 21:03:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2011.02.26 23:04:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions
[2010.11.17 23:45:42 | 000,000,000 | -H-D | M] (Winload Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.02.26 23:04:11 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.13 01:01:14 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.17 23:45:40 | 000,000,000 | -H-D | M] (Mein Gutscheincode Finder) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\finder@meingutscheincode.de
[2009.04.03 21:17:52 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\moveplayer@movenetworks.com
[2010.11.23 22:26:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\staged-xpis
[2011.02.01 14:41:05 | 000,000,000 | -H-D | M] (@@toolbarname@@) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\toolbar@ask.com
[2010.11.27 16:31:43 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\f4jdg38m.default\extensions\vshare@toolbar
[2011.01.04 18:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.07.31 15:26:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.11.18 00:43:19 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.04.28 16:32:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.25 20:56:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.04 18:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.24 19:01:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.24 19:01:35 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.24 19:01:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.24 19:01:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.24 19:01:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Flo\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Flo\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Flo\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sFGtypQnwU] C:\ProgramData\sFGtypQnwU.exe (WinTrust)
O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate 2GHJVGXD Registrierungen.lnk = C:\Users\Flo\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GHJVGXD Registrierungen.exe (Leader Technologies/Seagate)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Flo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227f6470-ca4d-11de-9709-001f3c8c71be}\Shell - "" = AutoRun
O33 - MountPoints2\{227f6470-ca4d-11de-9709-001f3c8c71be}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{227f6480-ca4d-11de-9709-002215542609}\Shell - "" = AutoRun
O33 - MountPoints2\{227f6480-ca4d-11de-9709-002215542609}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{227f6482-ca4d-11de-9709-002215542609}\Shell - "" = AutoRun
O33 - MountPoints2\{227f6482-ca4d-11de-9709-002215542609}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{237c363a-55d0-11dd-aea0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{237c363a-55d0-11dd-aea0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{4f4b83db-6887-11de-93a3-002215542609}\Shell - "" = AutoRun
O33 - MountPoints2\{4f4b83db-6887-11de-93a3-002215542609}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{60d533ad-d68c-11de-bc1f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60d533ad-d68c-11de-bc1f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7fd28f86-147b-11de-bca9-001f3c8c71be}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BA6US1D.vbs
O33 - MountPoints2\{8ef3c950-ca3b-11de-9543-001f3c8c71be}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef3c950-ca3b-11de-9543-001f3c8c71be}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9dc1469-c973-11de-9098-001f3c8c71be}\Shell - "" = AutoRun
O33 - MountPoints2\{a9dc1469-c973-11de-9098-001f3c8c71be}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9dc1482-c973-11de-9098-001f3c8c71be}\Shell - "" = AutoRun
O33 - MountPoints2\{a9dc1482-c973-11de-9098-001f3c8c71be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf5e7edf-94c6-11df-a37b-002215542609}\Shell\AutoRun\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.26 23:14:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2011.04.26 19:26:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2011.04.26 19:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.04.26 19:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.04.26 19:12:03 | 000,000,000 | -H-D | C] -- C:\ATI
[2011.04.26 19:07:16 | 000,000,000 | -H-D | C] -- C:\AMD
[2011.04.26 18:06:59 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.26 17:57:52 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\sFGtypQnwU.exe
[2011.04.14 15:56:17 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Persönliche Finanzplanung
[2011.04.14 15:38:23 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Geldanlage - May
[2011.04.14 15:20:46 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Ganzheitliche Finanzplanung
[2007.01.24 12:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 23:14:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2011.04.26 23:06:53 | 005,704,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 23:06:52 | 016,888,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 23:06:52 | 005,019,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 23:06:51 | 005,546,124 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 23:03:02 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.26 23:00:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.04.26 23:00:36 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 23:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 23:00:15 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 19:33:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 18:11:43 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43310856
[2011.04.26 18:07:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011.04.26 18:07:02 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856
[2011.04.26 18:06:59 | 000,000,590 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Recovery.lnk
[2011.04.26 18:06:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43310856.exe
[2011.04.26 17:57:51 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\sFGtypQnwU.exe
[2011.04.26 02:00:52 | 000,032,256 | -H-- | M] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.25 20:00:12 | 000,000,578 | -H-- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Flo.job
[2011.04.23 20:36:18 | 000,014,359 | -H-- | M] () -- C:\Users\Flo\Desktop\Die Immobilie als Zentrales Element der privaten Altersvorsorge - 23.04.2011.odt
[2011.04.23 18:15:44 | 000,017,408 | -H-- | M] () -- C:\Users\Flo\AppData\Local\WebpageIcons.db
[2011.04.22 11:28:04 | 000,096,818 | -H-- | M] () -- C:\Users\Flo\Desktop\Rentenanleihen legen biederes Image ab _ FTD.de.pdf
[2011.04.20 11:36:09 | 000,072,192 | -H-- | M] () -- C:\Users\Flo\Desktop\Anmeldung DA.odt
[2011.04.20 11:34:56 | 001,809,174 | -H-- | M] () -- C:\Users\Flo\Desktop\CIMG3725.JPG
[2011.04.20 11:34:32 | 002,046,393 | -H-- | M] () -- C:\Users\Flo\Desktop\CIMG3704.JPG
[2011.04.20 11:34:19 | 001,477,575 | -H-- | M] () -- C:\Users\Flo\Desktop\CIMG3670.JPG
[2011.04.20 09:40:27 | 000,009,947 | -H-- | M] () -- C:\Users\Flo\Desktop\Alien & Dada.jpg
[2011.04.20 09:40:16 | 000,008,527 | -H-- | M] () -- C:\Users\Flo\Desktop\Alien.jpg
[2011.04.19 21:20:20 | 000,001,085 | -H-- | M] () -- C:\Users\Flo\Desktop\YouTube.lnk
[2011.04.14 16:09:21 | 000,076,383 | -H-- | M] () -- C:\Users\Flo\Desktop\Druckversion - Überweisungsfehler_ 1,5 Millionen Sparer müssen Riester-Zulage zurückzahlen - SPIEGEL ONLINE - Nachrichten - Wir.pdf
[2011.04.14 16:09:02 | 000,104,442 | -H-- | M] () -- C:\Users\Flo\Desktop\Berlin rollt Millionen Riester-Verträge auf _ FTD.de.pdf
[2011.04.14 15:53:40 | 000,044,885 | -H-- | M] () -- C:\Users\Flo\Desktop\Bücher Ansi.pdf
[2011.04.08 18:16:42 | 000,038,350 | -H-- | M] () -- C:\Users\Flo\Desktop\Die Immobilie als Zentrales Element der privaten Altersvorsorge - Text - 08.04.2011.odt
 
========== Files Created - No Company Name ==========
 
[2011.04.26 19:44:18 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.26 18:07:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43310856r
[2011.04.26 18:07:02 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43310856
[2011.04.26 18:06:59 | 000,000,590 | -H-- | C] () -- C:\Users\Flo\Desktop\Windows Recovery.lnk
[2011.04.26 18:06:57 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43310856
[2011.04.26 18:06:55 | 000,487,424 | -H-- | C] () -- C:\ProgramData\43310856.exe
[2011.04.23 18:47:57 | 000,014,359 | -H-- | C] () -- C:\Users\Flo\Desktop\Die Immobilie als Zentrales Element der privaten Altersvorsorge - 23.04.2011.odt
[2011.04.22 11:28:02 | 000,096,818 | -H-- | C] () -- C:\Users\Flo\Desktop\Rentenanleihen legen biederes Image ab _ FTD.de.pdf
[2011.04.20 11:34:48 | 001,809,174 | -H-- | C] () -- C:\Users\Flo\Desktop\CIMG3725.JPG
[2011.04.20 11:34:26 | 002,046,393 | -H-- | C] () -- C:\Users\Flo\Desktop\CIMG3704.JPG
[2011.04.20 11:34:15 | 001,477,575 | -H-- | C] () -- C:\Users\Flo\Desktop\CIMG3670.JPG
[2011.04.20 09:40:27 | 000,009,947 | -H-- | C] () -- C:\Users\Flo\Desktop\Alien & Dada.jpg
[2011.04.20 09:40:15 | 000,008,527 | -H-- | C] () -- C:\Users\Flo\Desktop\Alien.jpg
[2011.04.19 21:20:20 | 000,001,085 | -H-- | C] () -- C:\Users\Flo\Desktop\YouTube.lnk
[2011.04.18 20:32:13 | 000,072,192 | -H-- | C] () -- C:\Users\Flo\Desktop\Anmeldung DA.odt
[2011.04.14 16:09:20 | 000,076,383 | -H-- | C] () -- C:\Users\Flo\Desktop\Druckversion - Überweisungsfehler_ 1,5 Millionen Sparer müssen Riester-Zulage zurückzahlen - SPIEGEL ONLINE - Nachrichten - Wir.pdf
[2011.04.14 16:09:01 | 000,104,442 | -H-- | C] () -- C:\Users\Flo\Desktop\Berlin rollt Millionen Riester-Verträge auf _ FTD.de.pdf
[2011.04.14 15:53:39 | 000,044,885 | -H-- | C] () -- C:\Users\Flo\Desktop\Bücher Ansi.pdf
[2011.04.08 16:34:34 | 000,038,350 | -H-- | C] () -- C:\Users\Flo\Desktop\Die Immobilie als Zentrales Element der privaten Altersvorsorge - Text - 08.04.2011.odt
[2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.09 06:16:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.06 11:56:20 | 000,017,408 | -H-- | C] () -- C:\Users\Flo\AppData\Local\WebpageIcons.db
[2011.02.20 20:47:30 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2011.02.20 20:47:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2011.02.02 00:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.02.13 17:22:33 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2010.02.13 17:21:57 | 000,000,061 | ---- | C] () -- C:\Windows\ENations.ini
[2009.12.05 13:29:39 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.09 20:11:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.01 18:06:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.14 21:30:44 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.10.02 19:18:12 | 000,000,680 | -H-- | C] () -- C:\Users\Flo\AppData\Local\d3d9caps.dat
[2008.09.28 20:17:24 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008.09.28 20:12:11 | 000,032,256 | -H-- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.28 19:27:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.07.20 00:02:51 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008.07.20 00:02:48 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.07.20 00:02:37 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.07.19 23:54:59 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini
[2008.07.19 22:33:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.16 13:11:34 | 016,888,732 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 005,546,124 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.12.20 15:33:43 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.08.06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,388,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 005,704,258 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 005,019,226 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D43E156
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
 
< End of report >

--- --- ---

Extras:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.04.2011 23:15:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 46,18 Gb Free Space | 39,66% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 79,04 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
 
Computer Name: FLOW | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC67851-7A98-4213-B657-1B9058C82B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3DA3596B-17CF-48F5-9357-16ED05914514}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B2B4B23B-7923-443E-8CC5-86FED6E442FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2895148B-533D-42BE-999C-2818479C48D9}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{3B6958CD-841D-4AE5-A62B-A7B58A2E14AE}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{82B8372A-E895-4D38-982D-738B1AF77ADF}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{8FA30181-49D2-4C67-898E-960E8E63FC40}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{AD3AD9FF-201C-4357-A3B1-36C227B75E56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C4363F92-C085-4F01-8C61-B56E5380D63E}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{DAC6FEEB-618E-4BE0-92A1-08178A350E34}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E724C133-A966-4582-9A44-BAFCC4EC4A4A}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"TCP Query User{52188EB5-3FD0-4B2E-B821-B740D3A63965}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{63B1C286-D27F-412C-88A1-DC3C278DE414}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0AED91F6-7353-4852-AA6A-BBA38A9C0B6F}" = DSL Connection Manager
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect
"{23A3F575-7C13-4E99-A4EF-F4751BA6AFE6}" = SymNet
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE61132-076C-4E13-BE57-B61A87EA07CA}" = DSL Connection Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AECB358B-9B7C-4F7D-BC18-7711FF3AFA87}" = Symantec Real Time Storage Protection Component
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"FotoWorks XL_is1" = FotoWorks XL
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"KOMPASS Digital Map Deutsche Alpen_is1" = KOMPASS Digital Map Deutsche Alpen
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"OpenTTD" = OpenTTD 1.0.0
"PROHYBRIDR" = 2007 Microsoft Office system
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"S7FOY07-FPDEMO_is1" = Indiana Jones and the Fountain of Youth Demo
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"Video mp3 Extractor_is1" = Video mp3 Extractor 1.2
"VLC media player" = VLC media player 1.0.3
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR archiver
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Bin neu hier und tierisch verwirrt...

THX

markusg · 27.04.2011, 09:58

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\ProgramData\43310856.exe ()
PRC - C:\ProgramData\sFGtypQnwU.exe (WinTrust)
O4 - HKCU..\Run: [sFGtypQnwU] C:\ProgramData\sFGtypQnwU.exe (WinTrust)
O33 - MountPoints2\{7fd28f86-147b-11de-bca9-001f3c8c71be}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe
BA6US1D.vbs
[2011.04.26 18:06:59 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.26 18:11:43 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43310856
[2011.04.26 18:07:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011.04.26 18:07:02 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856
[2011.04.26 18:06:59 | 000,000,590 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Recovery.lnk
[2011.04.26 18:06:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43310856.exe
[2011.04.26 17:57:51 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\sFGtypQnwU.exe

:Files
C:\ProgramData\sFGtypQnwU.exe
C:\ProgramData\43310856.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

lade unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

lapulga · 27.04.2011, 16:43

Okay, Neustart...

All processes killed
========== OTL ==========
No active process named 43310856.exe was found!
No active process named sFGtypQnwU.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sFGtypQnwU deleted successfully.
C:\ProgramData\sFGtypQnwU.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fd28f86-147b-11de-bca9-001f3c8c71be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fd28f86-147b-11de-bca9-001f3c8c71be}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe not found.
C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
C:\ProgramData\43310856 moved successfully.
C:\ProgramData\~43310856r moved successfully.
C:\ProgramData\~43310856 moved successfully.
C:\Users\Flo\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\43310856.exe moved successfully.
File C:\ProgramData\sFGtypQnwU.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\sFGtypQnwU.exe not found.
File\Folder C:\ProgramData\43310856.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Flo
->Flash cache emptied: 531 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Flo
->Temp folder emptied: 40798 bytes
->Temporary Internet Files folder emptied: 389685 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21900603 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30480 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_173149

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg · 27.04.2011, 16:46

ok unhide, dann upload

lapulga · 27.04.2011, 16:50

die .rar Datei uploaden?!

markusg · 27.04.2011, 16:55

ja sicher, steht doch da wies geht :-)

lapulga · 27.04.2011, 16:56

Nochmal Danke Danke Danke

lapulga · 27.04.2011, 16:57

Du hast mir echt den Arsch gerettet

markusg · 27.04.2011, 16:58

noch nicht fertig.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

lapulga · 27.04.2011, 19:32

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-04-26.05 - Flo 27.04.2011  19:47:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3070.1935 [GMT 2:00]
ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Flo\AppData\Roaming\Desktopicon
c:\users\Flo\AppData\Roaming\Desktopicon\config.ini
c:\users\Flo\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))
.
.
2011-04-27 18:09 . 2011-04-27 18:19	--------	d-----w-	c:\users\Flo\AppData\Local\temp
2011-04-27 18:09 . 2011-04-27 18:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-27 16:42 . 2011-04-27 16:42	--------	d-----w-	c:\users\Flo\AppData\Roaming\AVG10
2011-04-27 16:20 . 2011-04-27 16:20	--------	d--h--w-	c:\programdata\Common Files
2011-04-27 16:18 . 2011-04-27 17:14	--------	d-----w-	c:\programdata\AVG10
2011-04-27 16:17 . 2011-04-27 16:17	--------	d-----w-	c:\program files\AVG
2011-04-27 16:05 . 2011-04-27 17:12	--------	d-----w-	c:\programdata\MFAData
2011-04-27 15:31 . 2011-04-27 15:44	--------	d-----w-	C:\_OTL
2011-04-26 17:26 . 2011-04-26 17:26	--------	d-----w-	c:\programdata\ATI
2011-04-26 17:17 . 2011-04-26 17:17	--------	d-----w-	c:\program files\AMD APP
2011-04-26 17:12 . 2011-04-26 17:12	--------	d-----w-	C:\ATI
2011-04-26 17:07 . 2011-04-26 17:07	--------	d-----w-	C:\AMD
2011-04-20 23:18 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{297C48CE-A701-49E0-BEF9-932EEC880C63}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 18:19 . 2008-09-28 17:27	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-03-21 17:56 . 2011-03-21 17:56	59904	----a-w-	c:\windows\system32\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56	51712	----a-w-	c:\windows\system32\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55	12385792	----a-w-	c:\windows\system32\amdocl.dll
2011-03-09 09:21 . 2011-03-09 09:21	7723008	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:19 . 2011-03-09 05:19	17397248	----a-w-	c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57	143360	----a-w-	c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2011-03-09 04:56	679424	----a-w-	c:\windows\system32\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53	393216	----a-w-	c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52	176128	----a-w-	c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2007-12-20 14:02	159744	----a-w-	c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2007-12-20 14:02	356352	----a-w-	c:\windows\system32\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51	278528	----a-w-	c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51	15872	----a-w-	c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2007-12-20 14:01	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2011-03-09 04:48 . 2011-03-09 04:48	4277760	----a-w-	c:\windows\system32\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34	46080	----a-w-	c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34	44032	----a-w-	c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32	5618688	----a-w-	c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2007-12-20 13:48	4294656	----a-w-	c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18	258048	----a-w-	c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17	32768	----a-w-	c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17	239616	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2011-03-09 04:17	31232	----a-w-	c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2011-03-09 04:16	28672	----a-w-	c:\windows\system32\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16	23040	----a-w-	c:\windows\system32\atitmpxx.dll
2011-03-09 04:16 . 2011-03-09 04:16	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2011-03-09 04:11	52736	----a-w-	c:\windows\system32\coinst.dll
2011-03-09 03:42 . 2011-03-09 03:42	1912832	----a-w-	c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2007-12-20 13:34	3471872	----a-w-	c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18	52736	----a-w-	c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18	52736	----a-w-	c:\windows\system32\amdpcom32.dll
2011-02-02 16:11 . 2011-01-04 16:02	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17	1233288	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-19 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-07-19 37232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Seagate 2GHJVGXD Registrierungen.lnk - c:\users\Flo\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GHJVGXD Registrierungen.exe [2009-10-29 1731736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2011-2-20 356352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvix86.sys [2008-09-12 270384]
S2 accvssvc;AccSys WLAN Control Service;c:\program files\Common Files\AccSys\AccVSSvc.exe [2008-04-08 136760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-06 19:57]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:58]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:58]
.
2011-04-25 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Flo.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 17:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\f4jdg38m.default\
FF - prefs.js: browser.startup.homepage - SPIEGEL ONLINE - Nachrichten
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Citavi Picker: {8AA36F4F-6DC7-4c06-77AF-5035170634FE} - c:\program files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - user.js: network.proxy.http - 
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl - 
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.socks - 
FF - user.js: network.proxy.socks_port - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-DVD Shrink_is1 - d:\neuer ordner\shrink\DVD Shrink\unins000.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3752)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-27  20:24:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-27 18:23
.
Vor Suchlauf: 14 Verzeichnis(se), 63.690.481.664 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 62.411.329.536 Bytes frei
.
- - End Of File - - 85772BC5B2D55EA47F6622878D60603B

--- --- ---

markusg · 27.04.2011, 19:33

machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc

lapulga · 28.04.2011, 09:18

Nicht häufig, aber hin und wieder ja. Am wichtigsten ist gerade die Diplomarbeit die ich mit dem PC tippe...

markusg · 28.04.2011, 09:22

also, die arbeit kannst du zu ende schreiben, aber der pc muss neu aufgesetzt werden, wir können aufgrund der malware auf diesem pc, nicht dafür garantieren das wir ihn sauber bekommen, dies heißt er muss neu aufgesetzt werden.
ich zeige dir, falls erwünscht, wie man das system richtig absichert nach neu aufsetzen

lapulga · 28.04.2011, 09:55

Klingt sehr sinnvoll, allerdings habe ich gerade keine Installations-CD bei der Hand. Bis zur Neu-Installation sollte ich am besten keine Online-Banking bzw. Bestellungen machen, oder?!

markusg · 28.04.2011, 09:59

richtig, und jedes an diesem pc eingegebene passwort muss erneuert werden.
wie gesagt zum arbeit schreiben ok, dann aber muss neu gemacht werden
ich werde dir auch eine backup strategie mit auf den weg geben, bei dieser kannst du, wenn regelmäßig ausgeführt, innerhalb von 5 minuten dein system sauber mit wenig daten verlusst zurück setzen.

27.04.2011, 16:46	#4
markusg /// Malware-holic	Trojaner WTR Loader ok unhide, dann upload __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

27.04.2011, 16:55	#6
markusg /// Malware-holic	Trojaner WTR Loader ja sicher, steht doch da wies geht :-) __________________ --> Trojaner WTR Loader

27.04.2011, 19:33	#11
markusg /// Malware-holic	Trojaner WTR Loader machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Trojaner WTR Loader

Log-Analyse und Auswertung: Trojaner WTR Loader