| |
| |||||||
Log-Analyse und Auswertung: Weitergehende Prüfung nach Windows RecoveryWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.06.2011, 14:56
| #1 |
| |  Weitergehende Prüfung nach Windows Recovery Guten Tag liebe Forengemeinde! Habe mir die Windows Recovery Sache eingefangen und bin schön nach der Anleitung aus http://www.trojaner-board.de/96741-w...entfernen.html vorgegangen. Hat alles soweit funktioniert. Die Meldungen kommen nicht mehr - der Bildschirmhintergrund ist zwar nach wie vor Schwarz, aber das werde ich wohl selber wieder ändern müssen? Des weiteren is das Desktop-Symbol von Windows Recovery noch da. Auch die versteckten Dateien sehe ich nach den Einstellungen wieder, indem ich die unsichtbaren anzeigen lasse. Zusätzlich kommt beim Start noch eine kurze Meldung, welche gleich wieder verschwindet, dass das Catalyst controlecenter nicht funktioniert. Auch die Schnellstartleiste ist nach wie vor nicht wieder, wie sie ursprünglich war. Im allgemeinen kommt es mir auch vor, also würde der PC noch ein wenig langsamer laufen. Jetzt versuche ich Schritt für Schritt http://www.trojaner-board.de/69886-a...-beachten.html zu befolgen. Defogger Log sagt folgendes: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:20 on 05/06/2011 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 05.06.2011 15:35:25 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.92% Memory free 7.99 Gb Paging File | 6.83 Gb Available in Paging File | 85.52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97.66 Gb Total Space | 18.38 Gb Free Space | 18.82% Space Free | Partition Type: NTFS Drive D: | 833.66 Gb Total Space | 340.03 Gb Free Space | 40.79% Space Free | Partition Type: NTFS Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.05 15:30:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2010.10.19 16:16:09 | 000,218,496 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010.10.18 14:55:10 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe PRC - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2007.08.16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe PRC - [2007.06.05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe ========== Modules (SafeList) ========== MOD - [2011.06.05 15:30:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.10.07 04:28:28 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.06.03 10:43:31 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.10.19 16:16:09 | 000,218,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2010.10.18 14:55:10 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.07.11 11:08:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.16 22:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr) DRV:64bit: - [2009.10.07 05:08:18 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.08.13 10:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.01.16 11:18:12 | 000,610,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dr71WU.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 0C 51 A5 A9 FA CB 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.27 16:53:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.27 16:53:05 | 000,000,000 | ---D | M] [2009.12.23 17:24:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.07.11 10:56:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fngpov4j.default\extensions [2011.05.15 13:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.15 13:25:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.05.09 13:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.11 08:22:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.15 13:27:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011.05.15 13:27:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.15 13:27:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.05.15 13:27:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.11 10:50:19 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2011.05.15 13:27:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.15 13:27:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.15 13:27:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.06.05 15:30:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.06.05 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.06.05 14:18:42 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.06.05 14:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.05 14:18:39 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.05 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.06.05 13:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2011.06.05 12:58:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011.06.05 12:06:45 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{DFCFD77B-25BC-4575-8396-25D14AAB4215} [2011.06.04 11:05:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{8A4DA2C1-A380-4D60-BE63-67F72FDCAF5A} [2011.06.03 23:04:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{698E3E21-62F7-414B-A6CB-DEEAFD77B2A8} [2011.06.03 11:04:34 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{C9554147-CCFF-4544-8262-A053B38AF8BC} [2011.06.02 23:04:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{E1CA28FF-34EB-4A77-AC32-3D779645B9EB} [2011.06.02 11:03:45 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{1B6468D7-5BF8-48E2-B592-D421C82B6365} [2011.06.01 23:03:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{3670F46A-2E2B-40BB-B2AA-0BC563F561E6} [2011.06.01 11:02:43 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{8BE6CED1-F153-4F49-B45F-EA6D649264F3} [2011.05.30 12:51:44 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{48698A7C-84E4-4D0F-9FC1-778BE485C27B} [2011.05.28 11:28:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{DEDC0D85-F326-4DBE-ADA3-F739CA6C01C4} [2011.05.28 11:28:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{7F6579CA-F650-44EB-A15C-0110CB53DB43} [2011.05.27 16:57:02 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.05.27 16:57:02 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple Computer [2011.05.27 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.05.27 16:56:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.05.27 16:56:48 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.05.27 16:56:47 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.05.27 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.05.27 16:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011.05.27 16:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.05.27 16:52:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple Computer [2011.05.27 16:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.05.27 16:52:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple [2011.05.27 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.05.27 16:52:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2011.05.27 16:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.05.27 16:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.05.27 16:52:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple [2011.05.27 16:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.05.27 13:57:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{75D45684-62BB-4E1A-9EB0-C9439D8C3D96} [2011.05.26 11:34:57 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{3C70E445-846C-4DB9-8F27-D0E014959662} [2011.05.25 18:48:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{5B4ED154-FDC6-4473-83F0-74469663C0BF} [2011.05.25 18:46:18 | 000,000,000 | ---D | C] -- C:\Windows\de [2011.05.25 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011.05.25 18:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.05.25 18:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.05.25 18:40:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Windows Live [2011.05.25 18:05:27 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\GoPro HD [2011.05.21 17:58:41 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Log OS Downloads [2011.05.19 23:08:56 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Gunther Wegner [2011.05.19 23:08:08 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\LRTimelapse [2011.05.15 13:25:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras [2011.05.15 13:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.15 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2011.06.05 15:31:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.05 15:31:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.05 15:30:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.06.05 15:26:42 | 004,778,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.05 15:26:42 | 000,694,232 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011.06.05 15:26:42 | 000,693,256 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2011.06.05 15:26:42 | 000,688,910 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2011.06.05 15:26:42 | 000,679,144 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2011.06.05 15:26:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.05 15:26:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.05 15:26:42 | 000,136,864 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2011.06.05 15:26:42 | 000,133,554 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2011.06.05 15:26:42 | 000,129,942 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011.06.05 15:26:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.05 15:26:42 | 000,126,946 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2011.06.05 15:26:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.05 15:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.05 15:22:01 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys [2011.06.05 15:20:56 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.06.05 15:20:13 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.06.05 14:18:42 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.05 13:57:27 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2011.06.05 12:58:14 | 000,000,642 | -H-- | M] () -- C:\Users\***\Desktop\Windows 7 Recovery.lnk [2011.06.05 12:58:14 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~40361720r [2011.06.05 12:58:14 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~40361720 [2011.06.05 12:58:13 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40361720 [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.25 18:46:02 | 000,001,312 | -H-- | M] () -- C:\Users\***\Desktop\Windows Live Movie Maker.lnk [2011.05.20 14:14:09 | 000,125,564 | -H-- | M] () -- C:\Users\***\Desktop\Dienstverschiebungsgesuch.xps [2011.05.19 22:58:37 | 005,141,930 | -H-- | M] () -- C:\Users\***\Desktop\LRTimelapse.zip [2011.05.19 22:00:06 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2011.05.19 21:36:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT ========== Files Created - No Company Name ========== [2011.06.05 15:20:56 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.06.05 15:20:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.06.05 14:18:42 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.05 13:57:27 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2011.06.05 12:58:14 | 000,000,642 | -H-- | C] () -- C:\Users\***\Desktop\Windows 7 Recovery.lnk [2011.06.05 12:58:14 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~40361720r [2011.06.05 12:58:14 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~40361720 [2011.06.05 12:58:13 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40361720 [2011.05.25 18:48:28 | 000,001,312 | -H-- | C] () -- C:\Users\***\Desktop\Windows Live Movie Maker.lnk [2011.05.20 14:14:05 | 000,125,564 | -H-- | C] () -- C:\Users\***\Desktop\Dienstverschiebungsgesuch.xps [2011.05.19 22:58:05 | 005,141,930 | -H-- | C] () -- C:\Users\***\Desktop\LRTimelapse.zip [2010.10.04 21:21:45 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010.08.19 23:25:41 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.05.08 16:57:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Speech Enhancer [2010.05.08 16:57:31 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Soundtrack [2010.05.08 16:57:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.05.08 16:57:31 | 000,000,012 | RH-- | C] () -- C:\ProgramData\String Comparison [2010.05.08 16:53:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Spacious [2010.05.08 16:53:47 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sound Effects [2010.05.08 16:53:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StartupItems [2010.05.08 16:53:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.03.04 21:26:17 | 000,218,496 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.04 21:26:16 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.03.04 21:26:16 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.12.30 01:34:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.19 16:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.10.19 16:29:17 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.10.19 16:29:17 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.10.19 16:26:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.08.27 09:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2011.04.22 22:05:14 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.05.30 16:44:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2010.07.11 11:12:40 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.06.20 15:46:20 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Facebook [2011.05.19 23:08:56 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Gunther Wegner [2010.07.11 11:59:08 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2011.05.04 12:44:20 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\HDRsoft [2010.08.05 02:12:02 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.06.20 12:55:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Nikon [2010.01.10 14:24:18 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Razer [2010.01.11 00:26:14 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2009.12.30 23:17:10 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.05.30 12:49:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.21 13:50:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.10.19 16:41:29 | 000,000,000 | -H-D | M] -- C:\AMD [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.23 17:09:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.19 16:26:59 | 000,000,000 | -H-D | M] -- C:\Intel [2009.08.19 09:20:37 | 000,000,000 | -H-D | M] -- C:\Kaspersky_2010 [2009.08.19 09:22:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.27 16:56:48 | 000,000,000 | R--D | M] -- C:\Programme [2011.06.05 14:18:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.05 15:07:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.12.23 17:09:27 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.19 16:31:16 | 000,000,000 | -H-D | M] -- C:\RaidTool [2009.12.23 17:09:27 | 000,000,000 | -HSD | M] -- C:\Recovery [2009.08.19 09:20:32 | 000,000,000 | -H-D | M] -- C:\STEG [2011.06.05 15:36:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.09 21:23:33 | 000,000,000 | R--D | M] -- C:\Users [2011.05.25 18:46:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\***\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\***\AppData\Local\Temp\RarSFX1\h\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\***\AppData\Local\Temp\RarSFX1\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\***\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.06.2011 15:35:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.92% Memory free
7.99 Gb Paging File | 6.83 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 18.38 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive D: | 833.66 Gb Total Space | 340.03 Gb Free Space | 40.79% Space Free | Partition Type: NTFS
Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{270D4D2B-CEB9-C46B-4F17-B1390D450AB1}" = ATI AVIVO64 Codecs
"{60DBBC99-2D06-E985-6C21-2E637C030874}" = ATI Catalyst Install Manager
"{6EC70FBF-7390-74A2-E0A8-8D414F89FE6C}" = ATI Problem Report Wizard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{844F6966-C077-4A61-4D2B-4CE155257163}" = ccc-utility64
"{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04FE401C-4621-4DB6-8FDC-E005E5CF8F0F}" = CCC Help Greek
"{08EF3284-0D6D-349C-F1A5-E2E89F593B31}" = CCC Help Portuguese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DC69BC0-2786-E0F1-AC65-3E3A2F185E05}" = Catalyst Control Center Graphics Previews Vista
"{0F989337-0B75-6A1A-ED90-D5C81D4B928B}" = Catalyst Control Center Graphics Full Existing
"{1505303D-79F1-F93D-3449-8B15B1EA940E}" = CCC Help Danish
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2507B07A-500D-4377-FBCF-6DC154A9F275}" = Catalyst Control Center Graphics Full New
"{250AB80A-A96C-29E4-621D-EF97BCB8B9C4}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{29370F90-2E3D-C3A6-D039-5E26F10635AE}" = CCC Help Korean
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{2E601BA9-2FCA-2A66-14B6-659CE5720E78}" = CCC Help Czech
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3DFDA2FF-E9DB-E63D-590D-A22594E21F38}" = CCC Help Thai
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{44A18820-82E5-A498-D5DF-11E9A112E540}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C452061-9806-D73E-5ECD-3DFE54F3A9E5}" = CCC Help French
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543909C1-3432-16B2-D7C4-B6AF0972573B}" = CCC Help German
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5F45E955-1E0A-01FF-40AA-906DF409D4BC}" = CCC Help English
"{6644E8D5-0BD5-885A-1273-869D65E9CBDA}" = CCC Help Italian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = LuminanceHDR 2.0.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C047C-A1BA-657C-1172-0702F4EE08D3}" = CCC Help Turkish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91398948-1237-E884-D508-784499AF749D}" = ccc-core-static
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EB07342-575D-6DE4-1955-98A0534AF77A}" = Catalyst Control Center HydraVision Full
"{9EEB1602-1044-F0B4-1CB5-923B68F522A6}" = CCC Help Finnish
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A53B8515-7029-398F-0C5E-C0F8A9F7FA01}" = CCC Help Polish
"{A5DC3B72-BFDC-43F5-45E2-6A19E8940F7E}" = CCC Help Chinese Traditional
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4C5E2D7-07B2-B7F3-E106-8A0E3CC633C9}" = CCC Help Japanese
"{C4EECC3D-1642-A683-9732-A698222B65B1}" = CCC Help Spanish
"{C6CF55F6-84FB-64B8-2745-76872FB3CD7B}" = Catalyst Control Center Graphics Light
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{CB073983-1A8D-5ADF-BB99-F1D6A7FD5002}" = CCC Help Swedish
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CBC8B827-F013-A99E-D480-895BFE5D849F}" = Catalyst Control Center Core Implementation
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEA1648F-54C2-3F7C-FE08-5E0948D5BE8B}" = CCC Help Dutch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4720B7D-5C0D-74E6-7F36-DC7253B20E43}" = Catalyst Control Center InstallProxy
"{D842B0D9-F765-2386-51AA-F8A4872C3BB3}" = CCC Help Russian
"{D8B2AB1F-E10C-B446-4EAC-357EEED96CC5}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ADBFA9-26C3-C21F-47C4-6748982C2DDE}" = Catalyst Control Center Localization All
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7EE88BF-D287-74E1-EC9C-29746228B0D8}" = HydraVision
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0AC616C-528E-B50E-2E45-920E963F94A5}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"EADM" = EA Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.04.2011 09:12:22 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit:
01cbf9130da77283 Endzeit: 22 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 12.04.2011 09:24:51 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d28 Startzeit:
01cbf913446ffdfe Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 12.04.2011 09:29:04 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 104 Startzeit:
01cbf9151c5d2d3b Endzeit: 32 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 12.04.2011 09:32:17 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bc4 Startzeit:
01cbf9159c7bfd1c Endzeit: 33 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 12.04.2011 09:35:25 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b4c Startzeit:
01cbf9160fcd2d8e Endzeit: 26 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 14.04.2011 09:42:33 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aac Startzeit:
01cbfaa97dc6662e Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
06d8a4d7-669d-11e0-ba5a-6cf0490050e4
Error - 22.04.2011 22:05:27 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d5c Startzeit:
01cc01288e7d8872 Endzeit: 37 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
Error - 22.04.2011 22:07:55 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.210.7 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1170 Startzeit:
01cc015aef608ef7 Endzeit: 28 Anwendungspfad: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Berichts-ID:
7a2fed75-6d4e-11e0-9e52-6cf0490050e4
Error - 01.05.2011 17:35:40 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm lightroom.exe, Version 3.3.0.10 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4a0 Startzeit:
01cc084773a9e6ec Endzeit: 40 Anwendungspfad: D:\Media\Adobe Lightroom\lightroom.exe
Berichts-ID:
f277f9a9-743a-11e0-a437-6cf0490050e4
Error - 01.05.2011 17:37:56 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm lightroom.exe, Version 3.3.0.10 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 114c Startzeit:
01cc0847bc14684e Endzeit: 55 Anwendungspfad: D:\Media\Adobe Lightroom\lightroom.exe
Berichts-ID:
41604201-743b-11e0-a437-6cf0490050e4
[ System Events ]
Error - 27.10.2010 16:46:46 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 27.10.2010 16:46:46 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80080005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2388210)
Error - 03.11.2010 09:40:57 | Computer Name = *** | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 04.11.2010 08:37:54 | Computer Name = *** | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 09.11.2010 14:51:57 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 09.11.2010 14:51:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 16.11.2010 19:08:40 | Computer Name = *** | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 17.11.2010 11:11:18 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 17.11.2010 11:11:18 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 21.11.2010 10:20:32 | Computer Name = *** | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
< End of report >
Grüsse |
|
05.06.2011, 17:27
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Weitergehende Prüfung nach Windows Recovery Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
[2011.06.05 12:58:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
:Files
C:\Users\***\AppData\Local\{*
C:\ProgramData\~*
C:\ProgramData\4*
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ |
|
05.06.2011, 17:55
| #3 |
| | Weitergehende Prüfung nach Windows Recovery Danke dir
__________________Folgendes sagt der Log: Code:
ATTFilter ========== OTL ==========
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.
========== FILES ==========
C:\Users\***\AppData\Local\{1B6468D7-5BF8-48E2-B592-D421C82B6365} folder moved successfully.
C:\Users\***\AppData\Local\{3670F46A-2E2B-40BB-B2AA-0BC563F561E6} folder moved successfully.
C:\Users\***\AppData\Local\{3C70E445-846C-4DB9-8F27-D0E014959662} folder moved successfully.
C:\Users\***\AppData\Local\{48698A7C-84E4-4D0F-9FC1-778BE485C27B} folder moved successfully.
C:\Users\***\AppData\Local\{5B4ED154-FDC6-4473-83F0-74469663C0BF} folder moved successfully.
C:\Users\***\AppData\Local\{698E3E21-62F7-414B-A6CB-DEEAFD77B2A8} folder moved successfully.
C:\Users\***\AppData\Local\{75D45684-62BB-4E1A-9EB0-C9439D8C3D96} folder moved successfully.
C:\Users\***\AppData\Local\{7F6579CA-F650-44EB-A15C-0110CB53DB43} folder moved successfully.
C:\Users\***\AppData\Local\{8A4DA2C1-A380-4D60-BE63-67F72FDCAF5A} folder moved successfully.
C:\Users\***\AppData\Local\{8BE6CED1-F153-4F49-B45F-EA6D649264F3} folder moved successfully.
C:\Users\***\AppData\Local\{C9554147-CCFF-4544-8262-A053B38AF8BC} folder moved successfully.
C:\Users\***\AppData\Local\{DEDC0D85-F326-4DBE-ADA3-F739CA6C01C4} folder moved successfully.
C:\Users\***\AppData\Local\{DFCFD77B-25BC-4575-8396-25D14AAB4215} folder moved successfully.
C:\Users\***\AppData\Local\{E1CA28FF-34EB-4A77-AC32-3D779645B9EB} folder moved successfully.
C:\ProgramData\~40361720 moved successfully.
C:\ProgramData\~40361720r moved successfully.
C:\ProgramData\40361720 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.23.0 log created on 06052011_185111
|
|
05.06.2011, 18:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.06.2011, 19:43
| #5 |
| | Weitergehende Prüfung nach Windows Recovery Und weiter gehts, danke für diese überaus schnelle Bearbeitung meines Problemes! Code:
ATTFilter 2011/06/05 20:38:40.0117 4348 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 20:38:40.0191 4348 ================================================================================
2011/06/05 20:38:40.0191 4348 SystemInfo:
2011/06/05 20:38:40.0191 4348
2011/06/05 20:38:40.0191 4348 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/05 20:38:40.0191 4348 Product type: Workstation
2011/06/05 20:38:40.0191 4348 ComputerName: ***
2011/06/05 20:38:40.0191 4348 UserName: ***
2011/06/05 20:38:40.0191 4348 Windows directory: C:\Windows
2011/06/05 20:38:40.0191 4348 System windows directory: C:\Windows
2011/06/05 20:38:40.0191 4348 Running under WOW64
2011/06/05 20:38:40.0191 4348 Processor architecture: Intel x64
2011/06/05 20:38:40.0191 4348 Number of processors: 8
2011/06/05 20:38:40.0191 4348 Page size: 0x1000
2011/06/05 20:38:40.0191 4348 Boot type: Normal boot
2011/06/05 20:38:40.0191 4348 ================================================================================
2011/06/05 20:38:41.0173 4348 Initialize success
2011/06/05 20:40:12.0040 0360 ================================================================================
2011/06/05 20:40:12.0040 0360 Scan started
2011/06/05 20:40:12.0040 0360 Mode: Manual;
2011/06/05 20:40:12.0040 0360 ================================================================================
2011/06/05 20:40:12.0351 0360 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/05 20:40:12.0387 0360 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/05 20:40:12.0431 0360 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/05 20:40:12.0479 0360 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/05 20:40:12.0506 0360 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/05 20:40:12.0541 0360 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/05 20:40:12.0596 0360 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/05 20:40:12.0622 0360 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/05 20:40:12.0642 0360 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/05 20:40:12.0665 0360 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/05 20:40:12.0685 0360 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/05 20:40:12.0701 0360 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/05 20:40:12.0726 0360 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/06/05 20:40:12.0747 0360 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/05 20:40:12.0768 0360 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/06/05 20:40:12.0791 0360 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/05 20:40:12.0841 0360 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/05 20:40:12.0861 0360 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/05 20:40:12.0884 0360 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 20:40:12.0897 0360 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/05 20:40:12.0955 0360 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/05 20:40:13.0076 0360 atikmdag (b86a300894d3531c4421d93977a2d7ee) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/05 20:40:13.0176 0360 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/05 20:40:13.0207 0360 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/05 20:40:13.0250 0360 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/05 20:40:13.0284 0360 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/05 20:40:13.0321 0360 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 20:40:13.0344 0360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/05 20:40:13.0355 0360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/05 20:40:13.0380 0360 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/05 20:40:13.0406 0360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/05 20:40:13.0419 0360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/05 20:40:13.0432 0360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/05 20:40:13.0466 0360 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/05 20:40:13.0494 0360 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 20:40:13.0518 0360 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 20:40:13.0542 0360 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/05 20:40:13.0572 0360 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/05 20:40:13.0622 0360 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/05 20:40:13.0647 0360 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/05 20:40:13.0670 0360 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/05 20:40:13.0699 0360 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/05 20:40:13.0721 0360 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/05 20:40:13.0750 0360 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 20:40:13.0795 0360 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/06/05 20:40:13.0852 0360 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 20:40:13.0876 0360 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/05 20:40:13.0907 0360 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/05 20:40:13.0946 0360 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 20:40:13.0985 0360 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 20:40:14.0017 0360 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/06/05 20:40:14.0090 0360 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/05 20:40:14.0160 0360 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/05 20:40:14.0184 0360 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/05 20:40:14.0215 0360 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/05 20:40:14.0229 0360 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 20:40:14.0250 0360 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 20:40:14.0276 0360 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 20:40:14.0297 0360 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 20:40:14.0312 0360 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 20:40:14.0331 0360 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 20:40:14.0361 0360 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/05 20:40:14.0375 0360 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 20:40:14.0411 0360 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/05 20:40:14.0437 0360 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/05 20:40:14.0490 0360 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/05 20:40:14.0511 0360 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/05 20:40:14.0535 0360 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 20:40:14.0578 0360 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 20:40:14.0591 0360 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/05 20:40:14.0613 0360 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/05 20:40:14.0637 0360 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/05 20:40:14.0673 0360 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 20:40:14.0710 0360 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/05 20:40:14.0738 0360 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 20:40:14.0765 0360 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/05 20:40:14.0802 0360 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 20:40:14.0849 0360 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/06/05 20:40:14.0903 0360 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/05 20:40:14.0981 0360 IntcAzAudAddService (397af4c77e4ac1b262e4ebac2958188c) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/05 20:40:15.0017 0360 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/05 20:40:15.0043 0360 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 20:40:15.0075 0360 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 20:40:15.0101 0360 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/05 20:40:15.0128 0360 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/05 20:40:15.0162 0360 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 20:40:15.0177 0360 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/05 20:40:15.0203 0360 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 20:40:15.0256 0360 JRAID (86cfef6dc6de51aab0c10384fe98f48f) C:\Windows\system32\DRIVERS\jraid.sys
2011/06/05 20:40:15.0285 0360 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 20:40:15.0304 0360 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 20:40:15.0327 0360 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 20:40:15.0343 0360 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/05 20:40:15.0357 0360 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/05 20:40:15.0397 0360 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 20:40:15.0435 0360 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/05 20:40:15.0452 0360 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/05 20:40:15.0466 0360 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/05 20:40:15.0480 0360 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/05 20:40:15.0503 0360 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/05 20:40:15.0549 0360 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/05 20:40:15.0562 0360 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/05 20:40:15.0587 0360 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/05 20:40:15.0604 0360 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 20:40:15.0627 0360 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/05 20:40:15.0651 0360 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 20:40:15.0691 0360 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 20:40:15.0714 0360 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/05 20:40:15.0737 0360 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 20:40:15.0767 0360 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 20:40:15.0800 0360 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 20:40:15.0816 0360 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 20:40:15.0843 0360 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 20:40:15.0863 0360 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/05 20:40:15.0881 0360 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/05 20:40:15.0916 0360 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 20:40:15.0933 0360 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/05 20:40:15.0951 0360 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/05 20:40:15.0980 0360 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 20:40:16.0010 0360 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 20:40:16.0038 0360 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 20:40:16.0064 0360 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 20:40:16.0090 0360 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/05 20:40:16.0126 0360 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 20:40:16.0146 0360 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/05 20:40:16.0170 0360 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/05 20:40:16.0215 0360 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 20:40:16.0257 0360 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/05 20:40:16.0289 0360 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/05 20:40:16.0310 0360 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 20:40:16.0324 0360 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 20:40:16.0337 0360 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 20:40:16.0351 0360 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 20:40:16.0366 0360 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 20:40:16.0388 0360 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 20:40:16.0474 0360 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
2011/06/05 20:40:16.0515 0360 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/05 20:40:16.0539 0360 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 20:40:16.0556 0360 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 20:40:16.0603 0360 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 20:40:16.0635 0360 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/05 20:40:16.0809 0360 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/05 20:40:16.0976 0360 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/06/05 20:40:17.0000 0360 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/06/05 20:40:17.0033 0360 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/05 20:40:17.0064 0360 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/05 20:40:17.0119 0360 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/05 20:40:17.0141 0360 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 20:40:17.0162 0360 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/05 20:40:17.0178 0360 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/05 20:40:17.0190 0360 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/05 20:40:17.0220 0360 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/05 20:40:17.0243 0360 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/05 20:40:17.0344 0360 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 20:40:17.0364 0360 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/05 20:40:17.0395 0360 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 20:40:17.0435 0360 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/05 20:40:17.0458 0360 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 20:40:17.0485 0360 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 20:40:17.0505 0360 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 20:40:17.0534 0360 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 20:40:17.0555 0360 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 20:40:17.0583 0360 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 20:40:17.0597 0360 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 20:40:17.0620 0360 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 20:40:17.0640 0360 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 20:40:17.0656 0360 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 20:40:17.0684 0360 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/06/05 20:40:17.0717 0360 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 20:40:17.0741 0360 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 20:40:17.0755 0360 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 20:40:17.0781 0360 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 20:40:17.0828 0360 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 20:40:17.0888 0360 RT73 (3b5809e9d3b8995fb65a82cb92745072) C:\Windows\system32\DRIVERS\Dr71WU.sys
2011/06/05 20:40:17.0916 0360 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/05 20:40:17.0939 0360 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/05 20:40:17.0958 0360 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/05 20:40:17.0984 0360 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 20:40:18.0004 0360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 20:40:18.0029 0360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 20:40:18.0047 0360 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 20:40:18.0075 0360 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 20:40:18.0105 0360 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/05 20:40:18.0123 0360 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/05 20:40:18.0143 0360 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/05 20:40:18.0154 0360 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 20:40:18.0186 0360 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 20:40:18.0205 0360 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 20:40:18.0226 0360 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 20:40:18.0261 0360 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/05 20:40:18.0328 0360 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/06/05 20:40:18.0367 0360 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 20:40:18.0400 0360 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 20:40:18.0442 0360 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 20:40:18.0485 0360 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 20:40:18.0514 0360 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/05 20:40:18.0530 0360 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/05 20:40:18.0546 0360 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/05 20:40:18.0619 0360 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 20:40:18.0671 0360 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 20:40:18.0693 0360 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 20:40:18.0709 0360 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 20:40:18.0733 0360 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 20:40:18.0756 0360 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 20:40:18.0790 0360 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/05 20:40:18.0820 0360 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 20:40:18.0856 0360 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 20:40:18.0868 0360 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 20:40:18.0895 0360 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 20:40:18.0927 0360 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/05 20:40:18.0951 0360 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 20:40:18.0969 0360 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 20:40:19.0001 0360 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/05 20:40:19.0033 0360 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 20:40:19.0069 0360 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/05 20:40:19.0101 0360 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
2011/06/05 20:40:19.0136 0360 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 20:40:19.0160 0360 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/06/05 20:40:19.0181 0360 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 20:40:19.0210 0360 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 20:40:19.0243 0360 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/06/05 20:40:19.0277 0360 VaneFltr (18436f7006443fb76145b3d35162a810) C:\Windows\system32\drivers\Lachesis.sys
2011/06/05 20:40:19.0299 0360 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/05 20:40:19.0322 0360 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 20:40:19.0340 0360 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/05 20:40:19.0363 0360 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/05 20:40:19.0381 0360 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/05 20:40:19.0405 0360 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/05 20:40:19.0430 0360 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/05 20:40:19.0449 0360 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/05 20:40:19.0469 0360 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 20:40:19.0503 0360 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/05 20:40:19.0541 0360 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 20:40:19.0571 0360 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/05 20:40:19.0597 0360 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/05 20:40:19.0634 0360 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/05 20:40:19.0674 0360 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 20:40:19.0698 0360 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 20:40:19.0709 0360 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 20:40:19.0759 0360 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 20:40:19.0787 0360 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 20:40:19.0838 0360 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 20:40:19.0859 0360 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 20:40:19.0927 0360 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/05 20:40:19.0968 0360 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/05 20:40:20.0006 0360 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 20:40:20.0032 0360 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 20:40:20.0059 0360 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 20:40:20.0097 0360 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 20:40:20.0103 0360 ================================================================================
2011/06/05 20:40:20.0103 0360 Scan finished
2011/06/05 20:40:20.0103 0360 ================================================================================
2011/06/05 20:40:20.0111 2360 Detected object count: 0
2011/06/05 20:40:20.0111 2360 Actual detected object count: 0
|
|
05.06.2011, 19:50
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Weitergehende Prüfung nach Windows Recovery |
|
05.06.2011, 20:29
| #7 |
| | Weitergehende Prüfung nach Windows RecoveryCode:
ATTFilter ComboFix 11-06-05.02 - *** 05.06.2011 21:09:03.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1031.18.4091.2364 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\Desktop\Windows 7 Recovery.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-05 bis 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 19:12 . 2011-06-05 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 19:08 . 2011-06-05 19:08 -------- d-----w- C:\32788R22FWJFW
2011-06-05 16:51 . 2011-06-05 16:51 -------- d-----w- C:\_OTL
2011-06-05 12:19 . 2011-06-05 12:19 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-06-05 12:18 . 2011-06-05 12:18 -------- d-----w- c:\programdata\Malwarebytes
2011-06-05 12:18 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-05 12:18 . 2011-06-05 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-05 12:18 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 11:57 . 2011-06-05 12:01 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-06-03 08:47 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2A11372-E382-44B4-8A8D-CA74BCA9BF43}\mpengine.dll
2011-05-27 14:57 . 2011-05-27 15:05 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2011-05-27 14:57 . 2011-05-27 14:57 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2011-05-27 14:56 . 2011-05-27 14:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-27 14:56 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-27 14:56 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-27 14:56 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files\iPod
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files\iTunes
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 14:52 . 2011-05-27 14:56 -------- d-----w- c:\programdata\Apple Computer
2011-05-27 14:52 . 2011-05-27 14:53 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\users\***\AppData\Local\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files\Common Files\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files\Bonjour
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-27 14:52 . 2011-05-27 14:56 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\programdata\Apple
2011-05-25 16:46 . 2011-05-25 16:46 -------- d-----w- c:\windows\de
2011-05-25 16:45 . 2011-05-25 16:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-05-25 16:43 . 2011-05-27 11:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-05-25 16:42 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-25 16:42 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-25 16:42 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-05-25 16:42 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-05-25 16:41 . 2011-05-25 16:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\DSETUP.dll
2011-05-25 16:41 . 2011-05-25 16:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\DXSETUP.exe
2011-05-25 16:41 . 2011-05-25 16:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\dsetup32.dll
2011-05-25 16:41 . 2011-05-25 16:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\DSETUP.dll
2011-05-25 16:41 . 2011-05-25 16:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\DXSETUP.exe
2011-05-25 16:41 . 2011-05-25 16:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\dsetup32.dll
2011-05-25 16:41 . 2011-05-25 16:41 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9445e6a51cc1afa06\Silverlight.4.0.exe
2011-05-25 16:40 . 2011-05-28 09:28 -------- d-----w- c:\users\***\AppData\Local\Windows Live
2011-05-25 13:49 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 21:08 . 2011-05-19 21:08 -------- d-----w- c:\users\***\AppData\Roaming\Gunther Wegner
2011-05-19 16:15 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 16:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-15 11:27 . 2011-05-15 11:27 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-15 11:27 . 2011-05-15 11:27 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-15 11:27 . 2011-05-15 11:27 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-15 11:27 . 2011-05-15 11:27 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-15 11:27 . 2011-05-15 11:27 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-15 11:27 . 2011-05-15 11:27 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-15 11:27 . 2011-05-15 11:27 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-15 11:27 . 2011-05-15 11:27 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-15 11:25 . 2011-06-04 22:07 -------- d-----w- c:\programdata\Skype Extras
2011-05-15 11:24 . 2011-05-15 11:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 18:02 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 18:02 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:02 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:02 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:02 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:02 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 18:02 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:02 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:02 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:02 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 16:44 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-12 12:03 . 2011-04-28 11:54 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 11:54 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 11:54 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 11:54 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 11:54 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 11:54 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 11:54 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 11:54 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 11:54 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 13:51 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-15 13:51 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:18 . 2011-04-28 11:54 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 11:54 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 13:51 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 13:51 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-28 11:54 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 11:54 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 13:50 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 13:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="d:\games\Steam\steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-06 98304]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 40453365
*Deregistered* - 40453365
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-25 8084000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fngpov4j.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-921151585-607245503-3912755600-1001\Software\SecuROM\License information*]
"datasecu"=hex:eb,b9,be,1d,06,80,2f,78,21,26,2f,5d,2e,cf,1e,ef,f9,a8,69,73,d4,
b1,0c,9f,98,7d,a2,9a,dc,d5,8a,15,6e,42,85,a2,c1,df,5b,44,61,33,09,8b,c2,16,\
"rkeysecu"=hex:42,21,7a,7f,71,0d,90,f1,44,54,bc,b0,80,7a,fe,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-05 21:13:47
ComboFix-quarantined-files.txt 2011-06-05 19:13
.
Vor Suchlauf: 14 Verzeichnis(se), 28'429'639'680 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32'404'160'512 Bytes frei
.
- - End Of File - - 82BD0E849AAD041EC0C851467E2A5A4A
|
|
05.06.2011, 20:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Dirlook::
C:\32788R22FWJFW
c:\users\Default\AppData\Local\temp
c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
Filelook::
c:\windows\system32\poqexec.exe
c:\windows\SysWow64\poqexec.exe
Firefox::
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.06.2011, 20:53
| #9 |
| | Weitergehende Prüfung nach Windows Recovery Das geht ja mehr als fix hier, weiterhin danke =) Code:
ATTFilter ComboFix 11-06-05.02 - *** 05.06.2011 21:43:18.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1031.18.4091.2384 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-05 bis 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 19:46 . 2011-06-05 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 19:46 . 2011-06-05 19:46 -------- d-----w- c:\users\Anja\AppData\Local\temp
2011-06-05 16:51 . 2011-06-05 16:51 -------- d-----w- C:\_OTL
2011-06-05 12:19 . 2011-06-05 12:19 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-06-05 12:18 . 2011-06-05 12:18 -------- d-----w- c:\programdata\Malwarebytes
2011-06-05 12:18 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-05 12:18 . 2011-06-05 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-05 12:18 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 11:57 . 2011-06-05 12:01 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-06-03 08:47 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2A11372-E382-44B4-8A8D-CA74BCA9BF43}\mpengine.dll
2011-05-27 14:57 . 2011-05-27 15:05 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2011-05-27 14:57 . 2011-05-27 14:57 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2011-05-27 14:56 . 2011-05-27 14:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-27 14:56 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-27 14:56 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-27 14:56 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files\iPod
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files\iTunes
2011-05-27 14:56 . 2011-05-27 14:56 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 14:52 . 2011-05-27 14:56 -------- d-----w- c:\programdata\Apple Computer
2011-05-27 14:52 . 2011-05-27 14:53 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\users\***\AppData\Local\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files\Common Files\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files\Bonjour
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-27 14:52 . 2011-05-27 14:56 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-27 14:52 . 2011-05-27 14:52 -------- d-----w- c:\programdata\Apple
2011-05-25 16:46 . 2011-05-25 16:46 -------- d-----w- c:\windows\de
2011-05-25 16:45 . 2011-05-25 16:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-05-25 16:43 . 2011-05-27 11:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-05-25 16:42 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-25 16:42 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-25 16:42 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-05-25 16:42 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-05-25 16:41 . 2011-05-25 16:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\DSETUP.dll
2011-05-25 16:41 . 2011-05-25 16:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\DXSETUP.exe
2011-05-25 16:41 . 2011-05-25 16:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9b66a6bd1cc1afa08\dsetup32.dll
2011-05-25 16:41 . 2011-05-25 16:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\DSETUP.dll
2011-05-25 16:41 . 2011-05-25 16:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\DXSETUP.exe
2011-05-25 16:41 . 2011-05-25 16:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\982db6c91cc1afa07\dsetup32.dll
2011-05-25 16:41 . 2011-05-25 16:41 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9445e6a51cc1afa06\Silverlight.4.0.exe
2011-05-25 16:40 . 2011-05-28 09:28 -------- d-----w- c:\users\***\AppData\Local\Windows Live
2011-05-25 13:49 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 21:08 . 2011-05-19 21:08 -------- d-----w- c:\users\***\AppData\Roaming\Gunther Wegner
2011-05-19 16:15 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 16:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-15 11:27 . 2011-05-15 11:27 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-15 11:27 . 2011-05-15 11:27 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-15 11:27 . 2011-05-15 11:27 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-15 11:27 . 2011-05-15 11:27 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-15 11:27 . 2011-05-15 11:27 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-15 11:27 . 2011-05-15 11:27 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-15 11:27 . 2011-05-15 11:27 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-15 11:27 . 2011-05-15 11:27 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-15 11:25 . 2011-06-04 22:07 -------- d-----w- c:\programdata\Skype Extras
2011-05-15 11:24 . 2011-05-15 11:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 18:02 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 18:02 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:02 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:02 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:02 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:02 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 18:02 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:02 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:02 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:02 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 16:44 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-12 12:03 . 2011-04-28 11:54 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 11:54 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 11:54 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 11:54 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 11:54 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 11:54 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 11:54 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 11:54 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 11:54 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 13:51 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-15 13:51 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:18 . 2011-04-28 11:54 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 11:54 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 13:51 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 13:51 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-28 11:54 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 11:54 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 13:50 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 13:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\poqexec.exe ---
Company: Microsoft Corporation
File Description: Ausführung der Warteschlange der Primitivvorgänge
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: poqexec.exe.mui
File size: 142336
Created time: 2011-05-19 16:15
Modified time: 2011-04-09 06:58
MD5: F28D6538F76DC6ECFABF6176DBDD2664
SHA1: CE9613EC38F4BA65315EC65A9582469809912B91
.
.
--- c:\windows\SysWow64\poqexec.exe ---
Company: Microsoft Corporation
File Description: Ausführung der Warteschlange der Primitivvorgänge
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: poqexec.exe.mui
File size: 123904
Created time: 2011-05-19 16:15
Modified time: 2011-04-09 05:56
MD5: 20104EA66332D24D7C65BBB087C56737
SHA1: 8881A6957132E2AAF54A5F2682B0EFC33FACB264
.
---- Directory of C:\32788R22FWJFW ----
.
.
---- Directory of c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} ----
.
2011-05-27 14:56 . 2011-05-27 14:56 3672 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxInstallLog.txt
2009-06-03 07:32 . 2009-06-03 07:32 8430 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\gearaspiwdmx64.cat
2009-05-18 11:48 . 2009-05-18 11:48 2763 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\GEARAspiWDM.inf
2009-05-18 11:17 . 2009-05-18 11:17 34152 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspiWDM.sys
2009-02-04 11:56 . 2009-02-04 11:56 86376 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe
2008-04-17 10:12 . 2008-04-17 10:12 107368 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi.dll
2008-04-17 10:12 . 2008-04-17 10:12 126312 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi64.dll
2006-11-02 04:22 . 2006-11-02 04:22 525792 ----a-w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxAPI.dll
.
---- Directory of c:\users\Default\AppData\Local\temp ----
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="d:\games\Steam\steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-06 98304]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 40453365
*Deregistered* - 40453365
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-25 8084000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fngpov4j.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-921151585-607245503-3912755600-1001\Software\SecuROM\License information*]
"datasecu"=hex:eb,b9,be,1d,06,80,2f,78,21,26,2f,5d,2e,cf,1e,ef,f9,a8,69,73,d4,
b1,0c,9f,98,7d,a2,9a,dc,d5,8a,15,6e,42,85,a2,c1,df,5b,44,61,33,09,8b,c2,16,\
"rkeysecu"=hex:42,21,7a,7f,71,0d,90,f1,44,54,bc,b0,80,7a,fe,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-05 21:47:24
ComboFix-quarantined-files.txt 2011-06-05 19:47
ComboFix2.txt 2011-06-05 19:13
.
Vor Suchlauf: 15 Verzeichnis(se), 32'451'272'704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 32'400'384'000 Bytes frei
.
- - End Of File - - 6EA3E4BAE2215213FEBE011407CF74B4
|
|
05.06.2011, 21:02
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.06.2011, 21:14
| #11 |
| | Weitergehende Prüfung nach Windows Recovery Wieder erledigt, ergibt folgendes: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55-UD3
Logical Drives Mask: 0x000003dc
Kernel Drivers (total 187):
0x02E61000 \SystemRoot\system32\ntoskrnl.exe
0x02E18000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00C1E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C62000 \SystemRoot\system32\PSHED.dll
0x00C76000 \SystemRoot\system32\CLFS.SYS
0x00CD4000 \SystemRoot\system32\CI.dll
0x00EA1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F45000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F54000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FBE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FCB000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E86000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E8D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D94000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DAE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DB7000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DE1000 \SystemRoot\system32\DRIVERS\jraid.sys
0x01095000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x010C4000 \SystemRoot\system32\drivers\amdxata.sys
0x010CF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0111B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0112F000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0118D000 \SystemRoot\System32\Drivers\cng.sys
0x013C5000 \SystemRoot\System32\drivers\pcw.sys
0x013D6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0146C000 \SystemRoot\system32\drivers\ndis.sys
0x0155E000 \SystemRoot\system32\drivers\NETIO.SYS
0x015BE000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0144A000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0145A000 \SystemRoot\System32\Drivers\spldr.sys
0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E9000 \SystemRoot\System32\Drivers\mup.sys
0x01462000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0187E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018B8000 \SystemRoot\system32\DRIVERS\disk.sys
0x018CE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01934000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0195E000 \SystemRoot\System32\Drivers\Null.SYS
0x01967000 \SystemRoot\System32\Drivers\Beep.SYS
0x0196E000 \SystemRoot\System32\drivers\vga.sys
0x0197C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019A1000 \SystemRoot\System32\drivers\watchdog.sys
0x019B1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019BA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019C3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019CC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019D7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0181E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CEF000 \SystemRoot\system32\drivers\afd.sys
0x02D79000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DBE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DC7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C16000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C25000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C40000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C54000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02CA5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02CB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02CBC000 \SystemRoot\System32\drivers\discache.sys
0x04029000 \SystemRoot\system32\drivers\csc.sys
0x040AC000 \SystemRoot\System32\Drivers\dfsc.sys
0x040CA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040DB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04101000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x048CC000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04F05000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04846000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0486A000 \SystemRoot\system32\drivers\usbuhci.sys
0x04117000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04877000 \SystemRoot\system32\drivers\usbehci.sys
0x04888000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0416D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0417A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0418A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041A0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x041C4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x041D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02CCB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0182B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0401B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02DED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01845000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x048C6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x042CA000 \SystemRoot\system32\DRIVERS\ks.sys
0x0430D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0431F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04379000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0438E000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x043AF000 \SystemRoot\system32\drivers\portcls.sys
0x04200000 \SystemRoot\system32\drivers\drmk.sys
0x04222000 \SystemRoot\system32\drivers\ksthunk.sys
0x06404000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x065E9000 \SystemRoot\System32\drivers\Dxapi.sys
0x04228000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04245000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04253000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x065F5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0425F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04272000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x04280000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x065FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0429B000 \SystemRoot\system32\drivers\luafv.sys
0x01854000 \SystemRoot\system32\drivers\WudfPf.sys
0x018FE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x038EA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0393D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03950000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03968000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03985000 \SystemRoot\system32\drivers\Lachesis.sys
0x0398D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0399B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x039B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x039BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x039CA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03800000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
0x046AB000 \SystemRoot\system32\drivers\HTTP.sys
0x04773000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04791000 \SystemRoot\System32\drivers\mpsdrv.sys
0x047A9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0464E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06887000 \SystemRoot\system32\drivers\peauth.sys
0x0692D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06938000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06965000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06977000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06A3C000 \SystemRoot\System32\DRIVERS\srv.sys
0x06AD1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06B93000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77130000 \Windows\System32\ntdll.dll
0x47A20000 \Windows\System32\smss.exe
0xFF450000 \Windows\System32\apisetschema.dll
0xFF3B0000 \Windows\System32\autochk.exe
0xFF3D0000 \Windows\System32\gdi32.dll
0xFE640000 \Windows\System32\shell32.dll
0xFE4C0000 \Windows\System32\urlmon.dll
0xFE440000 \Windows\System32\difxapi.dll
0xFE3F0000 \Windows\System32\ws2_32.dll
0xFE3E0000 \Windows\System32\nsi.dll
0x77300000 \Windows\System32\psapi.dll
0xFE360000 \Windows\System32\shlwapi.dll
0xFE290000 \Windows\System32\usp10.dll
0xFE240000 \Windows\System32\Wldap32.dll
0xFDFE0000 \Windows\System32\iertutil.dll
0xFDE00000 \Windows\System32\setupapi.dll
0xFDD60000 \Windows\System32\clbcatq.dll
0xFDD40000 \Windows\System32\sechost.dll
0x772F0000 \Windows\System32\normaliz.dll
0xFDC60000 \Windows\System32\advapi32.dll
0xFDA50000 \Windows\System32\ole32.dll
0x77010000 \Windows\System32\kernel32.dll
0xFD940000 \Windows\System32\msctf.dll
0xFD810000 \Windows\System32\rpcrt4.dll
0xFD770000 \Windows\System32\comdlg32.dll
0xFD750000 \Windows\System32\imagehlp.dll
0x76F10000 \Windows\System32\user32.dll
0xFD620000 \Windows\System32\wininet.dll
0xFD610000 \Windows\System32\lpk.dll
0xFD530000 \Windows\System32\oleaut32.dll
0xFD500000 \Windows\System32\imm32.dll
0xFD460000 \Windows\System32\msvcrt.dll
0xFD420000 \Windows\System32\cfgmgr32.dll
0xFD380000 \Windows\System32\comctl32.dll
0xFD310000 \Windows\System32\KernelBase.dll
0xFD2F0000 \Windows\System32\devobj.dll
0xFD180000 \Windows\System32\crypt32.dll
0xFD140000 \Windows\System32\wintrust.dll
0xFD130000 \Windows\System32\msasn1.dll
0x75180000 \Windows\SysWOW64\normaliz.dll
Processes (total 64):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
432 csrss.exe
488 C:\Windows\System32\wininit.exe
512 csrss.exe
544 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\atiesrxx.exe
900 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
624 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\atieclxx.exe
1432 C:\Windows\System32\spoolsv.exe
1460 C:\Windows\System32\svchost.exe
1548 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1580 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
1604 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1640 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1704 C:\Windows\SysWOW64\PnkBstrA.exe
1728 C:\Windows\SysWOW64\PnkBstrB.exe
1756 C:\Windows\System32\svchost.exe
1780 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
1840 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1992 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2228 C:\Windows\System32\svchost.exe
2272 WUDFHost.exe
2752 C:\Windows\System32\taskhost.exe
2884 C:\Windows\System32\dwm.exe
2920 C:\Windows\explorer.exe
3016 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1096 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
2376 C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
2332 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2168 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2116 C:\Program Files (x86)\Razer\Lachesis\OSD.exe
2452 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2968 C:\Program Files (x86)\Razer\Lachesis\razertra.exe
1308 WmiPrvSE.exe
3096 C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
3180 C:\Windows\System32\svchost.exe
3724 C:\Program Files\iPod\bin\iPodService.exe
3824 C:\Windows\System32\SearchIndexer.exe
3156 C:\Windows\System32\svchost.exe
4064 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
4212 C:\Program Files\Windows Media Player\wmpnetwk.exe
1284 C:\Windows\System32\wuauclt.exe
4676 C:\Windows\System32\notepad.exe
240 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3424 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2940 C:\Windows\System32\audiodg.exe
3492 C:\Windows\System32\notepad.exe
1824 C:\Windows\System32\SearchProtocolHost.exe
4224 C:\Windows\System32\SearchFilterHost.exe
4524 MpCmdRun.exe
2104 C:\Users\***\Desktop\MBRCheck.exe
3480 C:\Windows\System32\conhost.exe
3576 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`76900000 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|
|
05.06.2011, 21:18
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.06.2011, 01:47
| #13 |
| | Weitergehende Prüfung nach Windows Recovery Weiterhin vielen Dank, das ging alles wirklich sehr fix! Also, die geforderten logfiles: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6777
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
05.06.2011 23:05:19
mbam-log-2011-06-05 (23-05-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 450979
Laufzeit: 38 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/06/2011 at 01:20 AM
Application Version : 4.53.1000
Core Rules Database Version : 7205
Trace Rules Database Version: 5017
Scan type : Complete Scan
Total Scan Time : 01:55:38
Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 13748
Registry threats detected : 0
File items scanned : 275370
File threats detected : 30
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@serving-sys[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@paypal.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adtech[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.intergi[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt.combing[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@fastclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adfarm1.adition[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@smartadserver[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@server.cpmstar[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bs.serving-sys[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@msnportal.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.devaki[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bluestreak[2].txt
broadcast.piximedia.fr [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
cdn4.specificclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
cdn5.specificclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
ds.serving-sys.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
inwmedia.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
media.ign.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
media.kompolt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
media.spicynodes.org [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
secure-it.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
secure-uk.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NY6G4F8V ]
"C:\Program konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und starten Sie den vorgang erneut." Werde dann morgen den Scan nochmals neu versuchen, aber jetzt ist mal genug und ich geh mal schlafen. |
|
06.06.2011, 11:44
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weitergehende Prüfung nach Windows Recovery Du hast ein 64-Bit-Win, das Log sollte hier dann sein: Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.06.2011, 12:35
| #15 |
| | Weitergehende Prüfung nach Windows Recovery Habs nochmals mit dem internetexplorer gemacht, dieses mal am Ende keine zusätzliche Meldung wegen Installation oder ähnlichem. - Log genau dort gefunden, danke: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=6a221d1a6779414e9f5741ad85294f8d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-06 12:36:58
# local_time=2011-06-06 02:36:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 225781 58946467 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# scanned=288390
# found=9
# cleaned=0
# scan_time=4001
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7161991e-6dd5daf6 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-11978887 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-307a45f5 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-554925d7 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-57002e60 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-777dbe9d a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-7a226669 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\trojankiller2095-setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=6a221d1a6779414e9f5741ad85294f8d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-06 11:28:17
# local_time=2011-06-06 01:28:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 264924 58985610 0 0
# compatibility_mode=8192 67108863 100 0 39254 39254 0 0
# scanned=288586
# found=9
# cleaned=0
# scan_time=3937
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7161991e-6dd5daf6 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-11978887 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-307a45f5 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-554925d7 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-57002e60 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-777dbe9d a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-7a226669 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\trojankiller2095-setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
|
|
| Themen zu Weitergehende Prüfung nach Windows Recovery |
| adobe, bearbeitung, bho, black, bonjour, browser, c:\windows\system32\rundll32.exe, call of duty, curse, einstellungen, error, excel, explorer, firefox, format, helper, install.exe, kaspersky, logfile, microsoft office word, object, office 2007, oldtimer, photoshop, plug-in, problem, realtek, recover, registry, required, rundll, scan, searchplugins, security, security scan, security update, shortcut, software, sptd.sys, start menu, syswow64, teamspeak, updates, webcheck, windows, ändern, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |
Linear-Darstellung
