Log analysis and evaluation: Rescue disk crashes; PC slower
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.05.2011, 10:58 | #1 |
| Rescue disk crashes; PC slower
Hello everyone, since I ran a questionable exe file, my PC has been somewhat slower and sometimes takes a long time to load; at times the internet also drops out, at least for a while. To be safe, I wanted to run a rescue disk. However, it always shuts itself off after a while, before the program has finished scanning. I used AntiVir Rescue System and Kaspersky Rescue Disk 10. On the internet I only found that I should turn to this board. Can you help me?

OTL logfile created on: 08.05.2011 11:36:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Braso\Downloads
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,60 Gb Total Space | 5,49 Gb Free Space | 1,47% Space Free | Partition Type: NTFS
Computer Name: ULTIMATIVE | User Name: Braso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
08.05.2011, 11:45 | #2 |
/// Malware-holic | Rescue disk crashes; PC slower
Hello,
what exactly does questionable mean? Do you still have the exe? If so, please upload it in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html If you still have the link, send it to me as a private message.
09.05.2011, 16:35 | #3 |
/// Malware-holic | Rescue disk crashes; PC slower
OK, since this is a keygen, and these are illegal, I will help you reinstall the system and secure it. Please back up your data, but no keygens, cracks, or other illegal downloads. Please get back to me when you are done.