| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen2Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.05.2011, 21:02
| #1 |
 |  TR/Crypt.ZPACK.Gen2 Schönen guten Abend, ich bin wirklich ganz neu hier und bin mir nicht sicher, ob ich trotz lesens der Checkliste alles richtig gemacht habe.... Aber ich versuchs mal: Mein Problem ist folgendes: ich benutze Opera (oder auch firefox). beim Surfen kamen auf einmal folgende 2 Nachrichten von Avir 1) In der Datei 'C:\Users\AnGoe\AppData\Local\Temp\0.8982463739596128.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Datei löschen 2) In der Datei 'C:\Users\AnGoe\AppData\Local\Temp\0.8982463739596128.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Datei löschen Wie ihr Anhand der Logs (?) sehen könnt, habe ich die Datei gelöscht (oder es zumindest versucht). Eine erneute Suche mit Avir ergab keinen Fund, was laut zahlreicher Internetforen wohl nichts zu bedeuten hat. Meine Recherche im Internet ergab, dass der Trojaner wohl Passwörter an den Hacker schickt. Eine Neuinstallation wird in den meisten Fällen empfohlen. Es gab aber auch öfters die Nachricht, dass es sich um einen Fehlarlarm seitens Avir handelt. - Neuaufspielen ist problematisch, da ich einen vorinstallierten Rechner habe, und bereits einige Programme (z.B. ImageJ + plug-ins) installiert habe, bei denen ich Probleme haben werde, diese wieder so schön konfiguriert hinzubekommen, wie sie eben zur Zeit laufen. Den Hilferufen im Trojaner-Board zu urteilen, ist dieser Trojaner wohl nicht allzu selten. Meine Fragen an euch lauten: - ist die Avir-Meldung korrekt oder eine Falschmeldung? - Wurde der Trojaner entfernt durch Avir? Was kann ich tun um hier sicher zu gehen? - Muss ich mein System neu installieren (sehr ungern) oder gibt es andere Möglichkeiten - Welche weiteren Schritte muss ich vornehmen (bin eigentlich ein vorsichtiger Surfer) Und letzte Frage: Ich speichere keine Passwörter auf meinem Rechner und lösche nach jedem Online banking meine Privaten Daten.... Muss ich trotzdem sicherheitshalber alle PW ändern und mich gegebenenfalls bei meiner Bank melden? Puuh, ich hoffe, das war einigermaßen verständlich. Ich freue mich auf eure Antworten Vielen Dank im Voraus. |
|
16.05.2011, 21:08
| #2 |
| /// Malwareteam   | TR/Crypt.ZPACK.Gen2 Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte Malwarebytes
Schritt 2 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
|
16.05.2011, 23:07
| #3 |
| | TR/Crypt.ZPACK.Gen2 Hallo Swiss,
__________________vielen Dank für deine rasche Antwort. Ich mach mich gleich mal ran |
|
16.05.2011, 23:07
| #4 |
| | TR/Crypt.ZPACK.Gen2 Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6593 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.19048 17.05.2011 00:04:26 mbam-log-2011-05-17 (00-04-26).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 164457 Laufzeit: 7 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\AnGoe\AppData\Local\Temp\0.33319233155083183.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.1305663442157582.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.2996849246483495.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.3531717886170844.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.4755838817407886.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.6278697421971406.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.7536244325821444.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.9693267161192914.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\AnGoe\AppData\Local\Temp\0.9824939819579354.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\Rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
|
16.05.2011, 23:20
| #5 |
| | TR/Crypt.ZPACK.Gen2 Schritt 2: OTL |
|
16.05.2011, 23:37
| #6 |
| | TR/Crypt.ZPACK.Gen2 OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.05.2011 00:20:56 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\AnGoe\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 12,78 Gb Free Space | 18,35% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 36,76 Gb Free Space | 52,79% Space Free | Partition Type: NTFS Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe PRC - [2011.02.28 16:15:30 | 000,427,008 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.18 10:06:44 | 000,215,944 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2009.09.28 17:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.05 09:30:20 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.04.30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.01.16 05:29:16 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AnGoe\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.10.26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.08.29 11:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.07.24 12:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 19:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.15 07:45:00 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2007.06.13 17:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2007.06.13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.05.29 02:29:00 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.04.25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 17:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.04.23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007.02.09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.19 20:51:16 | 000,711,472 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2002.03.08 17:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe PRC - [2002.03.07 13:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe ========== Modules (SafeList) ========== MOD - [2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.08.24 00:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.24 00:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.28 17:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.11.19 20:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.04.30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.10.26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 19:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2002.03.08 17:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer) SRV - [2002.03.07 13:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian) ========== Driver Services (SafeList) ========== DRV - [2011.04.02 16:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.23 19:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2009.12.08 20:11:40 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.28 17:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.04.10 10:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.01.19 07:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2007.11.28 01:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2007.10.26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.08.08 18:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.07.28 09:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.17 05:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.05.02 13:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.03.02 19:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.02.12 13:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.02.12 13:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.02.12 13:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.02.07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.01.31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.01 15:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/" FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 21:03:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 21:03:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.12 21:52:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.10 19:25:23 | 000,000,000 | ---D | M] [2008.08.29 01:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions [2011.05.04 19:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions [2011.01.24 20:45:54 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2011.01.24 20:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.23 10:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E} [2009.02.27 11:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011.01.24 20:45:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.01.23 10:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009.10.22 21:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.01.24 20:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.04.26 10:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com [2011.05.16 20:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions [2010.07.24 23:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.01 22:00:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.09.09 20:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.09 20:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008.08.29 01:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2008.08.29 01:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.03.23 22:59:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008.08.01 02:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.11.26 20:26:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009.01.11 10:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.03.30 09:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.09.09 20:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.05.10 21:03:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2011.05.10 21:03:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.10 21:03:44 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.10 21:03:44 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.10 21:03:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.10 21:03:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.10 21:03:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.09.18 20:39:59 | 000,331,258 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Free Zip Unzip | Enable Java Script | Vim at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11347 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [alphadixxLightS] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{488adfcc-07c2-11de-8533-463500000031}\Shell\AutoRun\command - "" = F:\USBNB.exe O33 - MountPoints2\{8f5a1926-86e4-11df-91df-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\secure32.exe O33 - MountPoints2\{be2730e1-e347-11de-aa68-463500000031}\Shell - "" = AutoRun O33 - MountPoints2\{be2730e1-e347-11de-aa68-463500000031}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\{eabba07b-c2fc-11df-900e-000000000000}\Shell\AutoRun\command - "" = F:\installer.exe O33 - MountPoints2\{eabba07b-c2fc-11df-900e-000000000000}\Shell\verb\command - "" = F:\installer.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.17 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011.05.17 00:08:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2011.05.16 23:53:56 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Malwarebytes [2011.05.16 23:53:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.16 23:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.16 23:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.16 23:53:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.16 23:53:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.09 23:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Sony Media Go Install [2011.05.09 23:40:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Sony [2008.10.01 21:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys [2007.10.28 06:12:48 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.10.28 05:49:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.10.28 05:49:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.10.28 05:49:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.07.04 18:20:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.17 00:18:20 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.17 00:18:20 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.17 00:18:20 | 000,150,694 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.17 00:18:20 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.17 00:12:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.17 00:12:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.17 00:12:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.17 00:12:33 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.05.17 00:10:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.17 00:09:17 | 000,037,096 | ---- | M] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat [2011.05.17 00:08:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2011.05.16 23:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.06 18:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm [2011.01.10 19:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2010.08.24 00:02:15 | 000,025,113 | R--- | C] () -- C:\Windows\System32\cttwty.ini [2010.08.24 00:02:15 | 000,000,053 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini [2010.08.24 00:02:11 | 000,000,917 | R--- | C] () -- C:\Windows\twtycfg.ini [2010.08.24 00:02:07 | 000,127,488 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.08.24 00:02:07 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.12.23 22:19:53 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.08.23 13:04:38 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.08.23 13:04:20 | 000,906,784 | ---- | C] () -- C:\Windows\System32\owl52f.dll [2009.08.23 13:04:19 | 000,385,024 | ---- | C] () -- C:\Windows\System32\UTILib36.dll [2009.08.23 13:04:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\EZTW32.DLL [2009.02.05 17:50:11 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2009.02.02 09:23:19 | 000,241,664 | ---- | C] () -- C:\Windows\System32\hppapr04.dll [2009.02.02 09:23:19 | 000,000,647 | ---- | C] () -- C:\Windows\System32\hppapr04.dat [2009.01.16 02:13:14 | 000,000,680 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat [2008.12.02 17:02:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.12.02 17:01:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.02 16:59:18 | 000,370,944 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X64.SYS [2008.12.02 16:59:18 | 000,310,016 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS [2008.12.02 16:59:18 | 000,256,000 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C64.SYS [2008.12.02 16:59:18 | 000,253,824 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C86.SYS [2008.11.06 16:21:19 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN [2008.11.06 16:21:19 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN [2008.11.06 16:21:19 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN [2008.11.06 16:21:19 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN [2008.11.06 16:20:39 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll [2008.11.06 16:20:39 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys [2008.11.06 16:20:34 | 000,258,048 | R--- | C] () -- C:\Windows\System32\sptlib01.dll [2008.11.06 16:20:34 | 000,253,952 | R--- | C] () -- C:\Windows\System32\sptlib02.dll [2008.10.01 21:50:37 | 000,087,608 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\inst.exe [2008.10.01 21:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat [2008.10.01 21:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf [2008.08.13 00:42:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.08.13 00:42:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.16 02:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.31 17:46:56 | 000,037,096 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat [2008.03.31 17:43:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.11 17:16:31 | 000,001,442 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.01.22 19:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.16 01:49:06 | 000,131,072 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.28 15:36:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.10.28 15:36:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.28 15:36:00 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.10.28 06:13:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.10.28 06:13:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.10.28 06:12:48 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.10.28 06:12:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.10.28 05:49:06 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.10.28 05:48:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.07.05 05:31:13 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.05 03:03:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.07.05 03:03:03 | 000,686,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.07.05 03:03:03 | 000,150,694 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.07.05 03:03:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.05 02:54:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.07.04 18:20:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.07.04 17:32:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007.04.18 11:19:21 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2007.04.18 11:19:21 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2007.04.18 11:19:21 | 000,000,041 | ---- | C] () -- C:\Windows\PreLaunch.ini [2007.01.19 20:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,413,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,643,612 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,122,500 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.05.11 06:36:02 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1999.12.15 22:16:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\Lpng.dll ========== LOP Check ========== [2008.02.11 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\AD ON Multimedia [2008.11.30 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Desktopicon [2011.05.16 23:56:20 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\EndNote [2010.12.05 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\eXPert PDF Editor [2010.12.05 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Foxit Software [2008.07.28 05:21:45 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\FrostWire [2011.01.10 19:35:02 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\GraphPad Software [2010.08.31 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\gtk-2.0 [2008.03.02 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\ICQ [2009.01.18 05:56:42 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\IrfanView [2009.12.07 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\ISI ResearchSoft [2009.08.10 23:47:54 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Opera [2011.05.09 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Sony [2008.05.11 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Thinstall [2008.01.22 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Thunderbird [2008.11.30 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Toolbars [2010.12.25 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\AnGoe\AppData\Roaming\Vso [2011.05.17 00:10:31 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007.10.28 06:10:21 | 000,003,380 | ---- | M] () -- C:\-20071028.log [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2006.11.11 09:41:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009.12.28 11:19:27 | 000,044,202 | ---- | M] () -- C:\hpfr5100.log [2008.01.18 02:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.01.18 02:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.05.17 00:12:26 | 2459,627,520 | -HS- | M] () -- C:\pagefile.sys [2007.10.17 04:11:16 | 000,008,035 | -HS- | M] () -- C:\Patch.rev [2007.01.11 02:52:52 | 000,000,631 | ---- | M] () -- C:\PDVD.iss [2007.07.04 18:38:26 | 000,000,137 | RHS- | M] () -- C:\preload.rev [2007.04.18 11:19:23 | 000,000,004 | ---- | M] () -- C:\wps.dat < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.04.04 22:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.dll [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.06.26 23:56:17 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007.07.28 09:26:42 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.01.24 13:55:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.01.24 13:55:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 16:12:09 < > < End of report > |
|
16.05.2011, 23:41
| #7 |
| | TR/Crypt.ZPACK.Gen2 OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.05.2011 00:20:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,78 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 36,76 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E77E7F-DE13-4CF6-A9A9-C7578BBBEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{065C9460-F936-4941-AE68-B274DF7C7DF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{0BCDCBD0-43C0-45C9-87F4-F8D1DA30CFA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1EABA1C6-A240-4B2C-AE5C-73C44F2C9F5E}" = rport=139 | protocol=6 | dir=out | app=system |
"{30D6649E-0305-4534-828B-A115E2FF35FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AEB381A-FCF1-4AA7-BF6E-99EE287EF7C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{58F3D252-8911-4F8B-92E9-3F7695D4CCBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{66D87C95-50F0-44BA-9077-0237328C97E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{7260CD35-A51B-498C-B35F-925C8BE4D7C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{810BEBB9-DF61-4BD2-8164-A6FA487EA37B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83527D8B-14B6-4AD9-A943-8EB5970887B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{864BAC36-752E-49DF-B940-7E81517EC749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9214F1D2-107F-4309-8E3B-B0246D092AD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{95D0A141-A248-4A61-B7FB-2AFCEBA208CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2C3D533-203D-4C20-B734-F9750911335D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7DDC671-14A0-48A3-BD01-62F0CE4D4F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC8D1D60-B24F-4E7C-A0B0-6AC9B113061C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1ABFF8A-F46D-4D43-A657-9125B3C1134B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA56E6D4-5D7B-4FDC-B86C-5E87492A83CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4E6236B-3F95-41BE-B004-55918741470A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1176668C-D6A8-46D7-98AE-517791695A56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{139CD6BA-A0ED-408D-859E-8E4B2296C0EF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{269B078E-7E8D-40BE-905E-D2B26944C8D5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{37433D6E-F9AF-488E-869D-7260249F2683}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{379A2A16-EB7D-4024-ABAF-D12DC084EED4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{3CD4282D-7921-4C71-978D-E41E68B02695}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{480EB638-76A7-4094-94EF-1A6B24119727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{587B7E37-A678-4498-9CA0-E63C6776DECC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{5C647CD7-83AD-4093-A523-443F2BFB8334}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{63E6143C-BBB9-41A7-B8A7-CEE8FD8B166F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{71F9E79D-E8E4-42EC-9BD2-20DED870E42F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D45DE3A-904D-486F-817B-78F1E14D91BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CF743434-8C71-42B2-AA26-4C4DDF68C533}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{E4106503-5FA1-4202-A495-A766BF249CAB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E53E6766-5029-4473-B404-6A6B54572DB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5D3B397-3AF7-4627-9968-6AB1B050BFB6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{F7AE5C78-0451-472A-A123-104F8A29C2C2}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{FD876DD9-1355-4B89-92F6-A6CA7A442ACC}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{0EDF04DA-E88A-4B6C-989C-EF369B206E45}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{2092FEA2-0AC6-4C42-9B9D-22C4264BD31A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{36519C4D-1E71-4F2C-BA3F-095C43C767BC}C:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe" = protocol=6 | dir=in | app=c:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe |
"TCP Query User{46A32858-B65F-4F5D-8FDD-100A037A4AA2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{49C2B847-5E39-41EA-9B5A-83A685F6C601}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5A57C19C-C6E8-48C1-8F2B-F125954EDF31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{622C23CC-031B-4F9D-A397-B1326028F1C0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{674ABD60-825A-427B-990A-0ADF184D0636}D:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=d:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe |
"TCP Query User{B521E8E8-5D1F-46AA-B1C1-57EECB91FC68}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{BC14FB45-53C1-4021-988B-E79B71B307D7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{C77AB2D6-3583-428C-924B-70DBE7FCBAD5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CDC6CAF7-59CE-4594-ADE4-FE4166159885}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"UDP Query User{1CE0EC26-B122-4315-B2D7-6FCBA918EE7E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{1FD3C2FF-9BA3-443A-A72A-D0944C610F7B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{568F011F-C88C-429D-BC06-D65DEF3E2B4A}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{60FB7D84-2A2C-413A-8429-5157B4196D64}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{6CE11091-A3E4-49D8-AE2F-9CD8C6DF918E}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{74C9FF21-A374-4809-973B-06673F0427E8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7F3FB675-452C-402F-A532-23FD61FF817E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{852403FE-1A85-4064-945F-13BAED756043}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{8AC756EC-3394-4623-B581-728111992FE8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{8EDDBD09-E12B-4DB5-B366-3BB575FA976C}D:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=d:\programm 2009\imagej 091117\neue plugins\fiji\fiji.app\fiji-win32.exe |
"UDP Query User{D6DC60AB-4414-447B-BA47-FB05E95F9F94}C:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe" = protocol=17 | dir=in | app=c:\users\angoe\appdata\local\temp\par-angoe\cache-perlprimer_tmp\perlprimer.exe |
"UDP Query User{ED7FFC0B-DEB3-41F8-8292-0F4F1472080E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F0122E0-5665-4B91-9C71-85F98E20DCF2}" = Scion Image 4.0.3.2
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1E863F44-2D2D-4BD7-B25B-EDA9FF622267}" = Radiotracker
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 (Trial)
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{487C2D48-A9E3-4F34-92BD-B6A847025C16}" = Free eXPert PDF Reader
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}" = Sound Blaster Play!
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{8DA83EA6-E731-4722-958D-613399AE1031}" = Nero 7 Essentials
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958B08B0-C784-4A77-8D2B-C0A58F1E14B5}" = HP Officejet 6500 E710a-f Hilfe
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BA0BE54D-BB87-4ED4-B5C5-5F7A8CE2B4EA}" = Scion FG Java Package for ImageJ
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BEE7031E-5FC1-4A23-9F86-6D2A9F689E37}" = Sequencher 4.9 Demo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C51975DE-6450-4B3A-908F-5CA91494B1D3}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4E01931-9B3F-49BD-B19B-511000A1E039}" = Samsung PC Studio II 2.0 PIMS & File Manager
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"alphabreaxx" = alphabreaxx
"alphacombixx" = alphacombixx
"alphadixx Light Spanisch" = alphadixx Light Spanisch
"alpharelaxx" = alpharelaxx
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.1.6 (24/12/2010)
"EndNote" = EndNote
"FBDBServer1_is1" = Firebird 1.0.0.796
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foxit Reader" = Foxit Reader
"FrostWire" = FrostWire 4.13.5
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ImageTool" = ImageTool
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Litlink v3.5" = Litlink v3.5
"LManager" = Launch Manager
"MAGIX Filme auf CD & DVD TerraTec Edition D" = MAGIX Filme auf CD & DVD TerraTec Edition 6.0.3.7 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.7" = MiKTeX 2.7
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Office 2007 Word Konverter_is1" = Office 2007 Word Konverter 1.0.1
"OpenVPN" = OpenVPN 2.1_rc15
"Opera 11.10.2092" = Opera 11.10
"PEAK CAN Driver" = PEAK CAN Driver
"Peak Drivers" = Peak Drivers
"PerlPrimer" = PerlPrimer 1.1.16
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"realplex" = realplex
"Recuva" = Recuva
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"REST 2008_is1" = REST 2008 2.0.7
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Slim Mobile USB DVB-T" = Slim Mobile USB DVB-T 1.0.0.29
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spanisch 01" = Spanisch 01
"ST6UNST #1" = Langenscheidts Vokabeltrainer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2011 16:07:17 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:10:07 | Computer Name = menkou | Source = EventSystem | ID = 4609
Description =
Error - 16.05.2011 18:13:06 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:13:06 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:14:57 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:14:58 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:14:58 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:14:59 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:15:12 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.05.2011 18:15:12 | Computer Name = menkou | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 15.05.2011 13:09:19 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
Error - 15.05.2011 18:08:08 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
Error - 16.05.2011 12:29:47 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
Error - 16.05.2011 12:30:00 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
Error - 16.05.2011 16:05:11 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
Error - 16.05.2011 16:06:52 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
Error - 16.05.2011 16:07:06 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
Error - 16.05.2011 18:10:05 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =
Error - 16.05.2011 18:12:35 | Computer Name = menkou | Source = HTTP | ID = 15016
Description =
Error - 16.05.2011 18:12:55 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
16.05.2011, 23:42
| #8 |
| | TR/Crypt.ZPACK.Gen2 Da bin ich ja mal gespannt. Malwarebyte hat ja noch einiges gefunden.  |
|
17.05.2011, 01:29
| #9 |
| /// Malwareteam | TR/Crypt.ZPACK.Gen2Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
18.05.2011, 19:08
| #10 |
| | TR/Crypt.ZPACK.Gen2 hallo swiss, sorry hat etwas gedauert. schicke dir gleich die combofix log. das meintest du doch mit C:\ComboFix.txt? |
|
18.05.2011, 19:11
| #11 |
| | TR/Crypt.ZPACK.Gen2 Combofix Logfile: Code:
ATTFilter ComboFix 11-05-17.03 - AnGoe 18.05.2011 19:40:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.890 [GMT 2:00]
ausgeführt von:: c:\users\AnGoe\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
c:\users\AnGoe\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\users\AnGoe\AppData\Roaming\Desktopicon
c:\users\AnGoe\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\AnGoe\AppData\Roaming\inst.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\UNWISE.EXE
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-18 bis 2011-05-18 ))))))))))))))))))))))))))))))
.
.
2011-05-17 17:02 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBD065B0-1FDE-435C-9C43-3EA713FC3CEF}\mpengine.dll
2011-05-16 21:53 . 2011-05-16 21:53 -------- d-----w- c:\users\AnGoe\AppData\Roaming\Malwarebytes
2011-05-16 21:53 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 21:53 . 2011-05-16 21:53 -------- d-----w- c:\programdata\Malwarebytes
2011-05-16 21:53 . 2011-05-16 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 21:53 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 20:09 . 2011-05-16 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 07:41 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 19:03 . 2011-05-10 19:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-10 19:03 . 2011-05-10 19:03 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-10 19:03 . 2011-05-10 19:03 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-10 19:03 . 2011-05-10 19:03 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-10 19:03 . 2011-05-10 19:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-10 19:03 . 2011-05-10 19:03 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-10 19:03 . 2011-05-10 19:03 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-10 19:03 . 2011-05-10 19:03 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-09 21:40 . 2011-05-09 21:40 -------- d-----w- c:\program files\Sony Media Go Install
2011-05-09 21:40 . 2011-05-09 21:40 -------- d-----w- c:\users\AnGoe\AppData\Roaming\Sony
2011-04-28 16:58 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 16:58 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-02 14:08 . 2011-04-02 14:08 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2011-03-10 16:12 . 2011-04-15 16:48 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-15 16:48 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-15 16:48 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-28 16:58 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 16:58 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 16:58 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-28 16:58 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-15 16:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-15 16:48 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-15 16:48 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-15 16:48 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-15 16:48 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-15 16:48 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-15 16:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-15 16:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-15 16:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-15 16:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16 . 2011-04-15 16:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20 . 2011-04-15 16:48 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-15 16:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-15 16:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 13:31 . 2011-04-15 16:48 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 13:31 . 2011-04-15 16:48 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 13:31 . 2011-04-15 16:48 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-10 19:03 . 2011-05-10 19:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VolPanel"="c:\program files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2010-11-18 215944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-4 535336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-18 805392]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-1-20 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9876aa347e0fb;Google Update Service (gupdate1c9876aa347e0fb);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2007-07-17 269056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-23 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GrabsterSeries.X86;GRABSTER SERIES, Service X86;c:\windows\system32\DRIVERS\GrabsterSeries.X86.SYS [2007-11-27 310016]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 twtyfilt;twtyfilt;c:\windows\system32\drivers\twtyfilt.sys [2008-04-10 20480]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [x]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 OODrvled;OODrvled;c:\windows\system32\DRIVERS\OODrvled.sys [2009-09-28 25608]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 O&O DriveLED;O&O DriveLED Service;c:\program files\OO Software\DriveLED\oodlag.exe [2009-09-28 529664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2010-12-23 82304]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-04-02 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://spiegel-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\AnGoe\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\
FF - prefs.js: browser.startup.homepage - tagesschau.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-alphadixxLightS - c:\program files\Alpha Institute\alphadixx Light Spanisch\awlight.exe
AddRemove-alphacombixx - c:\progra~1\ALPHAC~1\UNWISE32
AddRemove-alphadixx Light Spanisch - c:\progra~1\ALPHAI~1\ALPHAD~1\UNWISE32
AddRemove-Audiograbber-Lame - c:\program files\Audiograbber\Lame-Uninstall.exe
AddRemove-PEAK CAN Driver - c:\windows\System32\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-18 19:49
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\AnGoe\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseGuardian]
"ImagePath"="c:\program files\Firebird\bin\ibguard -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseServer]
"ImagePath"="c:\program files\Firebird\bin\ibserver -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-18 19:55:01
ComboFix-quarantined-files.txt 2011-05-18 17:54
.
Vor Suchlauf: 11 Verzeichnis(se), 15.533.711.360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 15.536.119.808 Bytes frei
.
- - End Of File - - FCC536BB22E13BD72F8B1A3683868725
|
|
18.05.2011, 19:17
| #12 |
| | TR/Crypt.ZPACK.Gen2 kleine Zwischenfrage: wie sieht es denn aus? ist mein rechner stark befallen? |
|
18.05.2011, 21:38
| #13 |
| /// Malwareteam | TR/Crypt.ZPACK.Gen2 Er war mit einem Backdoor verseucht. Hier kann man von starke Infiezierung sprechen. Wieso meinst du? |
|
18.05.2011, 21:52
| #14 |
| | TR/Crypt.ZPACK.Gen2 na, ich dachte, da ist eventuell noch mehr drauf... weis auch nicht...z.b. wie nennt man das noch mal, wenn die ressourcen mehrerer computer für angriffe auf andere missbraucht werden.... ist er denn jetzt wieder "sauber"? |
|
18.05.2011, 21:55
| #15 |
| /// Malwareteam | TR/Crypt.ZPACK.Gen2 Du meinst Teil eines BOTNetzes. Aber das schliesse ich aus. Wie läuft das System mitlerweilen? |
|
| Themen zu TR/Crypt.ZPACK.Gen2 |
| appdata, checkliste, datei, datei gelöscht, firefox, folge, foren, frage, gelöscht, hacker, neu, nicht sicher, online, online banking, opera, plug-ins, problem, probleme, programm, programme, rechner, seite, sicherheitshalber, suche, surfen, system, system neu, temp, trojan, trojaner, trojaner-board, virus, ändern |
Textbox.
Linear-Darstellung
