![]() |
|
Log-Analyse und Auswertung: Infektion mit diverser MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Infektion mit diverser Malware Guten Morgen, vor ein paar Tagen hat mir Avira eine Vireninfektion angezeigt (Logfiles siehe unten). Das System wurde auch merklich langsamer, insbesondere Firefox hat auf Eingaben nur sehr verzögert reagiert, ebenso beim Seitenaufbau. Hatte Firefox neu installiert und diverse nicht mehr benötigte Software deinstalliert. Ein Lauf von Malwarebytes hat dann weitere Infektionen ergeben. Nachdem die betroffenen Dateien in Quarantäne verschoben wurden, wird beim Systemstart die Meldung angezeigt: Code:
ATTFilter Fehler beim Laden von C:\users\***\tloadF4.dll Das angegebene Modul wurde nicht gefunden. Jetzt wüsste ich gerne, wie ich da weiter vorgehen soll. OTL: Code:
ATTFilter OTL logfile created on: 28.05.2011 04:50:48 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,04% Memory free 4,24 Gb Paging File | 3,37 Gb Available in Paging File | 79,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 34,88 Gb Free Space | 46,81% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.03 15:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Unknown | Stopped] -- -- (WPFFontCache_v0400) SRV - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 16:47:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 21:23:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby) DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.27 20:42:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.27 21:14:42 | 000,000,000 | ---D | M] [2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.27 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2009.05.15 20:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.19 19:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.05 23:13:00 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10575 more lines... O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [NvCplDaemonTool] File not found O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.28 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logdateien [2011.05.28 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira ereignisse [2011.05.28 04:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD [2011.05.27 22:44:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.27 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure [2011.05.27 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ParetoLogic [2011.05.27 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic [2011.05.27 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic [2011.05.27 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue [2011.05.27 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2011.05.27 19:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011.05.27 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2011.05.27 19:49:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8 [2011.05.27 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2011.05.26 15:57:37 | 005,249,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe [2011.05.16 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\rechtssoziologie [2011.05.04 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SnapDragon Games [2011.05.04 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SnapDragon Games [2011.04.29 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2011.04.29 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011.04.29 14:58:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011.04.29 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.04.29 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer [2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.05.28 04:23:49 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.28 04:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 04:16:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 04:15:10 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.28 04:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.28 00:31:16 | 000,000,272 | ---- | M] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf [2011.05.27 22:45:55 | 000,302,080 | ---- | M] () -- C:\Users\***\Desktop\ksdu5jyf.exe [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.05.27 22:13:44 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl [2011.05.27 22:05:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.27 22:05:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.27 22:05:07 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.27 22:05:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.27 20:42:21 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.05.27 19:52:19 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.05.27 19:31:57 | 000,323,216 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json [2011.05.26 20:39:33 | 000,047,584 | ---- | M] () -- C:\Users\***\Desktop\werbung.jpg [2011.05.26 15:58:24 | 005,249,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe [2011.05.15 17:27:03 | 000,057,800 | ---- | M] () -- C:\Users\***\Desktop\alle affen gaffen.jpg [2011.05.14 14:46:09 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.14 03:20:35 | 000,105,656 | ---- | M] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg [2011.05.13 00:49:56 | 003,575,463 | ---- | M] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3 [2011.05.12 14:16:00 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe [2011.05.11 19:14:42 | 004,267,781 | ---- | M] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3 [2011.05.10 13:31:25 | 000,008,120 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf [2011.05.09 20:40:14 | 000,000,548 | ---- | M] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk [2011.05.09 15:41:36 | 001,887,144 | ---- | M] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf [2011.05.05 15:57:52 | 000,107,077 | ---- | M] () -- C:\Users\***\Desktop\claudia roth preis.pdf [2011.05.02 22:11:27 | 005,068,826 | ---- | M] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3 [2011.05.02 21:54:13 | 000,050,061 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg [2011.04.29 17:43:13 | 000,148,340 | ---- | M] () -- C:\Windows\hphins33.dat [2011.04.29 15:29:03 | 001,316,262 | ---- | M] () -- C:\Users\***\Desktop\dj169en.exe [2011.04.29 15:16:27 | 000,175,504 | ---- | M] () -- C:\Windows\hphins26.dat [2011.04.29 15:01:47 | 000,175,517 | ---- | M] () -- C:\Windows\hphins26.dat.temp ========== Files Created - No Company Name ========== [2011.05.28 00:31:16 | 000,000,272 | ---- | C] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf [2011.05.27 22:45:24 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\ksdu5jyf.exe [2011.05.27 22:13:44 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl [2011.05.27 21:25:49 | 000,006,739 | ---- | C] () -- C:\Users\***\Documents\wavepurity.ini.bak [2011.05.27 20:42:21 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.27 20:42:21 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.27 20:23:18 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk [2011.05.27 20:22:20 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.05.27 19:52:19 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.05.27 19:31:56 | 000,323,216 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json [2011.05.26 20:39:32 | 000,047,584 | ---- | C] () -- C:\Users\***\Desktop\werbung.jpg [2011.05.15 17:25:38 | 000,057,800 | ---- | C] () -- C:\Users\***\Desktop\alle affen gaffen.jpg [2011.05.14 03:20:35 | 000,105,656 | ---- | C] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg [2011.05.13 00:49:54 | 003,575,463 | ---- | C] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3 [2011.05.11 19:14:37 | 004,267,781 | ---- | C] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3 [2011.05.09 20:40:14 | 000,000,548 | ---- | C] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk [2011.05.09 15:41:29 | 001,887,144 | ---- | C] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf [2011.05.05 15:57:50 | 000,107,077 | ---- | C] () -- C:\Users\***\Desktop\claudia roth preis.pdf [2011.05.02 22:10:44 | 005,068,826 | ---- | C] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3 [2011.05.02 21:54:13 | 000,050,061 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg [2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat [2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat [2011.04.29 15:28:55 | 001,316,262 | ---- | C] () -- C:\Users\***\Desktop\dj169en.exe [2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp [2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp [2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat [2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat [2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat [2010.04.07 22:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini [2010.04.07 22:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.04.30 14:34:46 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.02.10 20:55:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.12.06 19:36:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2008.10.18 18:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.24 04:40:32 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.09.24 04:40:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.04.16 11:30:52 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 11:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 11:30:52 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 11:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 000,388,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config [2011.05.27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.05.28 04:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2011.05.27 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON [2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure [2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.24 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec [2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic [2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm [2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER [2011.05.27 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.10.18 15:15:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.09.24 04:49:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2010.08.03 21:17:07 | 000,000,000 | -HSD | M] -- C:\Boot [2011.05.28 03:09:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.03.11 16:57:36 | 000,000,000 | ---D | M] -- C:\ct [2009.04.13 00:45:19 | 000,000,000 | ---D | M] -- C:\cwplayer [2008.10.18 15:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.05 00:40:23 | 000,000,000 | ---D | M] -- C:\dos [2008.10.30 16:21:34 | 000,000,000 | ---D | M] -- C:\logs [2011.05.09 20:40:20 | 000,000,000 | ---D | M] -- C:\minimoog [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.06.15 17:51:29 | 000,000,000 | ---D | M] -- C:\postda [2011.05.27 22:17:50 | 000,000,000 | R--D | M] -- C:\Program Files [2011.05.27 21:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.12.06 19:12:12 | 000,000,000 | ---D | M] -- C:\qb [2010.04.07 22:46:14 | 000,000,000 | ---D | M] -- C:\SIERRA [2011.05.28 04:52:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.10.18 15:08:26 | 000,000,000 | R--D | M] -- C:\Users [2011.01.25 22:10:35 | 000,000,000 | ---D | M] -- C:\vst [2011.05.27 22:13:44 | 000,000,000 | ---D | M] -- C:\Windows [2009.09.22 18:03:02 | 000,000,000 | ---D | M] -- C:\xtender < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-28 01:09:47 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.05.2011 00:31:21 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,37% Memory free 4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 34,36 Gb Free Space | 46,11% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2C44C9B8-6FA2-4E57-96A1-F1A613941342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3912536B-2707-456D-B4A9-2E0BFBD13EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{43D4CF31-CC80-4003-B456-01462B3E2027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{65400965-145C-4B37-B8BA-CB160F537165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFA048CA-6731-4CE0-80BC-D81F5DEA2B0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EED069AF-F199-4E20-9267-EAEDDF1439CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F51C7C49-D339-4A1B-8135-E733D223F48D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD47045D-17EB-473A-B22C-298DFEEBB612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15B82674-B505-418A-B1C7-5A943354E1E5}" = protocol=6 | dir=in | app=c:\program files\ftp explorer\ftpx.exe | "{7ED725E5-9CB9-43CF-A0DC-29A6160CA23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{95024D4A-F3B6-40DA-A908-5A53B05EDFB3}" = protocol=17 | dir=in | app=c:\program files\ftp explorer\ftpx.exe | "{B280AB1F-4344-43A8-8E2E-44F59A1F5B57}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe | "{EB73C2B2-0F81-4953-AF29-0DF69B4B66BB}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{F7B4AB7F-75DB-454A-B183-A901836CC404}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "TCP Query User{149C703E-0CD0-42C2-A9CD-EBC7B9B6B1BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{37E0E16A-5102-4D19-94F2-F35F52D8F047}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{B723F0A3-2454-4230-B1B4-F3D8BADF0C00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D642D53B-3EA7-4D11-A8E2-59C21CCFB754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{F7DB53C0-EC2F-4B0E-AADE-196AF5290D80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{1FFBB0E6-A643-4B21-94D0-AE23BF915D21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{99A4B196-54E2-4581-B7A6-863E97366FFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{CE1D5C9B-B9B0-4BCE-A409-77C7F304637E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{D353F28E-A797-43FD-9FFB-71A9B614F9BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{ED3BB049-97F1-44BC-B548-C355A98E645B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01F4EF69-CFE4-49D7-9459-3873D0FB2BDA}" = SmartFTP Client German (Germany) MUI "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0BC990FA-89D8-4F70-AFA9-0C01557FB7B3}" = SmartFTP Client "{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3 "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6 "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Agere Systems Soft Modem" = Agere Systems HDA Modem "Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1 "Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3 "Caesar 3" = Caesar 3 "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo "NVIDIA Drivers" = NVIDIA Drivers "Security Task Manager" = Security Task Manager 1.7h "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tone Stack Calculator" = Tone Stack Calculator "Uniblue RegistryBooster" = Uniblue RegistryBooster ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.05.2011 06:32:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.05.2011 19:04:26 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3909 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 39c Anfangszeit: 01cc187c6c279488 Zeitpunkt der Beendigung: 60 [ System Events ] Error - 27.05.2011 15:42:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 15:45:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 15:45:39 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 15:46:04 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 15:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 15:51:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 16:12:33 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 16:22:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net Rootkit scan 2011-05-28 04:10:25 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys ---- Kernel code sections - GMER 1.0.15 ---- ? System32\drivers\fvxllon.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC04340, 0x3DC4A7, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll 77AE93A8 5 Bytes JMP 011F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) ---- Files - GMER 1.0.15 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6694 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 28.05.2011 00:22:42 mbam-log-2011-05-28 (00-22-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 265425 Laufzeit: 1 Stunde(n), 34 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll (Heuristics.Shuriken) -> No action taken. c:\Users\***\tloadF4.dll (Heuristics.Shuriken) -> No action taken. c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E45NVVOV\about[1].exe (Heuristics.Shuriken) -> No action taken. c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken. |
Themen zu Infektion mit diverser Malware |
32 bit, alternate, antivir, audacity, autorun, avira, bho, c:\windows\system32\rundll32.exe, calculator, error, fehler, firefox, flash player, google, google earth, heuristics.shuriken, hijack, hijackthis, home, iexplore.exe, installation, malwar, malware, mozilla, ntdll.dll, nvlddmkm.sys, oldtimer, plug-in, realtek, registry, safer networking, scan, searchplugins, security, software, start menu, studio, svchost.exe, system, usb, usb 2.0, vista, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |