TR/Kazy.mekml.1 found

Hello,
I am new to this forum and have a problem: as with many other users, my PC has also found the virus TR/Kazy.mekml.1.
My desktop background turns black and all icons on the desktop disappear. I will post the OTL and Malwarebytes logs shortly.
Kind regards, Tobin

OTL.Txt (OTL logfile):
OTL logfile created on: 26.04.2011 11:41:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\41803528.exe ()
PRC - C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wsqmcons.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avmeject) -- C:\WINDOWS\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (fwlanusbn) -- C:\WINDOWS\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [vKECjCxHfiQS] C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.23 06:38:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.05.25 06:16:57 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.26 11:40:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.25 18:02:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.04.25 17:38:24 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.25 17:28:20 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.22 21:52:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.04.22 21:37:10 | 000,000,000 | -H-D | C] -- C:\Users\***\Games
[2011.04.22 19:33:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2011.04.22 19:04:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.04.22 19:04:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.04.22 19:04:53 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.04.22 17:57:16 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.04.22 17:27:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2011.04.22 17:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.04.22 17:03:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.22 17:03:39 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.22 17:03:38 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.22 17:03:38 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.22 17:03:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.22 17:03:36 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.22 16:58:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.22 16:58:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.22 16:55:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.04.22 16:55:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.04.22 16:53:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.04.22 16:53:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.04.22 16:53:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.04.22 16:53:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.04.22 16:53:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.04.22 16:53:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.04.22 16:53:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.04.22 16:53:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.04.22 16:53:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.04.22 16:53:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.04.22 16:53:37 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.04.22 16:53:37 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.04.22 16:53:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.04.22 16:53:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.04.22 16:50:38 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.04.22 16:50:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.04.22 16:50:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.04.22 16:50:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.04.22 16:50:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.04.22 16:50:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.04.22 16:49:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.04.22 16:48:29 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.04.22 16:48:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.04.22 16:48:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.04.22 16:47:34 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.04.22 16:47:33 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.04.22 16:47:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.04.22 16:47:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.04.22 16:46:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.04.22 16:46:38 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011.04.22 16:42:06 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.04.22 16:41:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.04.22 16:41:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.04.22 16:41:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.04.22 16:41:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.04.22 16:38:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.04.22 16:38:13 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.04.22 16:38:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.04.22 16:38:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.04.22 16:38:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.04.22 16:38:02 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.04.22 16:38:01 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.22 16:38:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.22 16:38:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.04.22 16:38:00 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.04.22 16:38:00 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.04.22 16:36:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.04.22 16:36:40 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.04.22 16:36:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.22 16:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.22 16:36:05 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.04.22 16:36:05 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.04.22 16:36:05 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.04.22 16:36:04 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.04.22 16:36:04 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.04.22 16:36:04 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.04.22 16:36:04 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.04.22 16:35:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.04.22 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.04.22 16:29:37 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2011.04.22 16:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.04.22 16:00:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.04.22 15:59:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011.04.22 15:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.04.22 15:59:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.04.22 15:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.04.22 15:40:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.04.22 15:40:26 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.22 15:40:26 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.04.22 15:40:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.04.22 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.04.22 15:02:17 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.04.22 15:02:17 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.04.22 15:02:09 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.04.22 15:02:09 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.04.22 15:02:09 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.04.22 15:02:05 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.04.22 15:02:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.04.22 15:01:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.04.22 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.04.22 15:00:37 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2011.04.22 15:00:27 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2011.04.22 14:42:33 | 000,077,824 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll
[2011.04.22 14:42:32 | 000,440,832 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys
[2011.04.22 14:42:32 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2011.04.22 14:42:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AVM_Driver
[2011.04.22 14:38:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard
[2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ATI
[2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\ATI
[2011.04.22 14:38:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Symantec
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\Searches
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.04.22 14:37:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.04.22 14:37:55 | 000,000,000 | RH-D | C] -- C:\Users\***\Contacts
[2011.04.22 14:37:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.04.22 14:37:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.04.22 14:37:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.04.22 14:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011.04.22 14:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2011.04.22 14:36:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2011.04.22 14:36:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.04.22 14:36:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Adobe
[2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.04.22 14:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benutzerhandbücher
[2011.04.22 14:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testen Sie Microsoft Office 2007 60 Tage lang
[2011.04.22 14:35:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.04.22 14:34:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Videos
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Saved Games
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Pictures
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Music
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Links
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Favorites
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Downloads
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Documents
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Desktop
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Temp
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.04.22 14:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.04.22 14:26:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2011.04.26 11:40:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.26 11:29:25 | 000,623,030 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 11:29:25 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 11:29:25 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 11:29:25 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 11:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 11:22:09 | 3219,591,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 17:39:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~41803528r
[2011.04.25 17:39:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41803528
[2011.04.25 17:38:24 | 000,000,589 | -H-- | M] () -- C:\Users\***\Desktop\Windows Recovery.lnk
[2011.04.25 17:38:19 | 000,000,344 | -H-- | M] () -- C:\ProgramData\41803528
[2011.04.25 17:38:18 | 000,487,424 | ---- | M] () -- C:\ProgramData\41803528.exe
[2011.04.25 17:28:19 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.25 11:34:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.04.22 21:51:40 | 000,000,907 | -H-- | M] () -- C:\Users\***\Desktop\StarCraft II.lnk
[2011.04.22 19:50:52 | 000,409,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.22 18:50:13 | 000,262,144 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011.04.22 17:22:45 | 000,000,680 | -H-- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.04.22 15:35:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2011.04.22 14:37:50 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2011.04.22 14:35:42 | 000,001,853 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK
[2011.04.22 14:33:06 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
========== Files Created - No Company Name ==========
[2011.04.25 17:39:25 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~41803528r
[2011.04.25 17:39:25 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~41803528
[2011.04.25 17:38:24 | 000,000,589 | -H-- | C] () -- C:\Users\***\Desktop\Windows Recovery.lnk
[2011.04.25 17:38:19 | 000,000,344 | -H-- | C] () -- C:\ProgramData\41803528
[2011.04.25 17:38:17 | 000,487,424 | ---- | C] () -- C:\ProgramData\41803528.exe
[2011.04.25 11:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.04.22 21:37:48 | 000,000,907 | -H-- | C] () -- C:\Users\***\Desktop\StarCraft II.lnk
[2011.04.22 18:49:04 | 000,262,144 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011.04.22 16:53:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.04.22 16:53:38 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.04.22 16:53:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.04.22 15:00:50 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf
[2011.04.22 14:50:29 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.04.22 14:42:32 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2011.04.22 14:38:11 | 000,000,955 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.04.22 14:38:05 | 000,000,950 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.04.22 14:37:55 | 000,000,921 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.04.22 14:37:50 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2011.04.22 14:37:29 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2011.04.22 14:36:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.04.22 14:35:34 | 000,001,853 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK
[2011.04.22 14:35:18 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2011.04.22 14:35:14 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011.04.22 14:35:14 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Für Kinder.lnk
[2011.04.22 14:34:28 | 000,001,258 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
[2011.04.22 14:24:07 | 3219,591,168 | -HS- | C] () -- C:\hiberfil.sys
[2008.08.23 16:03:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.23 16:03:47 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.23 16:03:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.23 16:03:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.23 16:03:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.23 16:03:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.23 15:50:47 | 000,623,030 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.23 15:50:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.23 15:50:47 | 000,125,172 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.23 15:50:47 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.23 06:55:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.08.23 06:39:34 | 000,115,774 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.08.23 06:13:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.08.23 06:13:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008.08.23 06:08:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,409,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,591,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,102,996 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< End of report >
Extras.Txt: OTL Logfile:
OTL Extras logfile created on: 26.04.2011 11:41:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC0FFA70-8BCB-48A7-8F83-2A06D5814D8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A8A5F62-6AF7-45D6-A1B4-E1B25F70FE6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F7D1F98-8FE7-4F10-B988-EF6030B4B3B8}" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe |
"{BDB63345-54FD-41B4-B5AF-98035A9CCE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E54B1383-3F05-4511-AFB4-BB8B20705669}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E73B444B-B70D-4170-BFE5-CEE8A26E7787}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F284BDF7-4184-4FB6-A8E0-C2400BBC0F8A}" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe |
"{FF447A34-4671-4658-A9EF-696B40774F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{51BF56A0-A347-4FF5-84FA-CFF54C7FEE9B}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5A75A92F-E49C-4110-9C94-C79E4931B9C0}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{04707055-B8D6-473B-A63D-EA6682052382}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{CA98683A-1446-4AFD-8048-B046D25791F1}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0136FBFC-3519-4989-DB99-877B235CC2E0}" = Catalyst Control Center Localization Polish
"{01C8D40E-AED4-B5E8-D219-23647DB50D20}" = Catalyst Control Center Localization Turkish
"{03881930-4D06-344A-ED3C-8A586C499596}" = Catalyst Control Center Graphics Full Existing
"{08C8BF62-64E3-F94F-D3F7-F8D87C5561DF}" = CCC Help Russian
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{166BA127-8FF0-9292-03B1-6A2A820F89E1}" = ATI Catalyst Install Manager
"{19B87564-DE23-E660-0CF9-242584095D07}" = CCC Help English
"{1C158357-6B36-9CD5-58BE-F91F83348766}" = Skins
"{1CBC7616-8CD5-48A6-904B-9060ECBA8ABD}" = CCC Help Turkish
"{1D594C94-84C7-4153-DB02-C052AE52731F}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21F41E5F-BC7E-DEBA-4055-22B647A4C1EF}" = Catalyst Control Center Localization Norwegian
"{22148913-F136-C621-CD3A-284C5AC009C0}" = Catalyst Control Center Localization Greek
"{22BB0F0F-6D99-22F5-FF0A-2361C7719C6A}" = CCC Help Chinese Traditional
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2379A8F5-BA36-C701-956B-D34530C61961}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy
"{2D3E5692-FE93-2920-9C6F-3AEBFA5359E8}" = CCC Help Japanese
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2FF0A015-DE51-BB1D-4CE3-6EDFC6E8A8E6}" = Catalyst Control Center Graphics Previews Common
"{303F26F5-FB3A-43BC-CE6D-3F08FE97B0D6}" = CCC Help Hungarian
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{393CC6C1-0390-99FD-1DA5-B831959BE347}" = Catalyst Control Center Localization Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCAC530-48B6-EADD-AB19-608E1FE7A7E5}" = CCC Help Swedish
"{3E08B2FA-0A22-FAED-136A-5EFD32A12D8B}" = Catalyst Control Center Localization German
"{3F00BB04-1FBF-5A1F-DC2D-14CF5F3267CA}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{51566A36-1DD1-CA73-B66C-4A3362F32EA0}" = Catalyst Control Center Localization Japanese
"{5A134575-EE63-91E9-C6B0-60A6A95C8E28}" = CCC Help German
"{5B61CE81-E7A8-6B0A-8BF9-6D5DDDF32ABB}" = Catalyst Control Center Localization French
"{5CC09697-2668-2628-E55F-132FD5295061}" = Catalyst Control Center Graphics Previews Vista
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6C8B65B8-1804-033C-0DF2-0141ABC31AFC}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7720C701-DCEA-8681-F19D-ABF8F71E71D6}" = CCC Help Greek
"{79A7C14F-87FB-D194-5206-3DE360BF6778}" = CCC Help Spanish
"{81FD3A08-36E9-FD60-D966-61E92BC28B1A}" = Catalyst Control Center Localization Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{957DFC8D-C41C-7548-5E8A-A6D64310831C}" = Catalyst Control Center Localization Spanish
"{96F32F32-9869-37A1-9E6B-E09DBC6A167E}" = Catalyst Control Center Graphics Light
"{97993BF5-2EBA-B819-6887-249DF3C4516F}" = Catalyst Control Center Localization Swedish
"{983DEE06-316F-D636-78CD-C861B03369E7}" = Catalyst Control Center Localization Hungarian
"{9AD8869D-DC8A-8148-F9CA-C7E39B6B8B6F}" = Catalyst Control Center Localization Chinese Standard
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3F7E39-9370-80D0-35BC-C082E07094F2}" = Catalyst Control Center Graphics Full New
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A51781E3-8F27-EBBC-CF3E-FFCFD5ADD131}" = CCC Help French
"{A5A042B2-7E3C-8933-5464-EFFE2DFA3592}" = CCC Help Polish
"{A7D36A5C-6E73-859C-9112-D046B2CEDCDB}" = Catalyst Control Center Localization Italian
"{AC3F7802-D1C9-0A33-A942-DC5E6F9D796E}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE140B16-AE8C-8BB0-D518-00ECB4CF7D03}" = CCC Help Thai
"{AE219DD8-1BBA-6EBE-D425-7C2C4D998FF1}" = ccc-core-static
"{AFC3D130-069B-12FE-83EF-1DADC765ECEA}" = CCC Help Chinese Standard
"{B11022C0-D0A5-3B00-DDA7-83C147EBB888}" = Catalyst Control Center Localization Portuguese
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BB510D08-023C-31F2-0314-CD09ECBADA6F}" = CCC Help Finnish
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7724EFE-4992-F2F9-2B90-B567837C4FB0}" = Catalyst Control Center Localization Danish
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA4110E-F079-AE5C-37C6-D708BCAA9D8A}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D47C1EC7-3C98-06CA-5984-E80488024F20}" = Catalyst Control Center Localization Korean
"{D4A1A861-F3C5-569E-364F-CE63751CC266}" = Catalyst Control Center Core Implementation
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAA19C88-9787-33FB-8931-50F727AB48D3}" = CCC Help Danish
"{E0CBCABF-1A89-2225-5030-B2477AE952D5}" = CCC Help Norwegian
"{E2DA8D90-592E-3DE6-2361-A869AB473101}" = CCC Help Italian
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFA52078-2BB4-A3AA-27EB-171F84B64126}" = Catalyst Control Center Localization Dutch
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F41C8F4B-E359-2FF3-4C72-AD86EA5C690D}" = CCC Help Korean
"{FD9A2359-5EFB-56D0-BA76-C2F88D6693A1}" = Catalyst Control Center Localization Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"StarCraft II" = StarCraft II
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"WildTangent hp Master Uninstall" = My HP Games
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2011 11:17:09 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 22.04.2011 11:21:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2011 11:24:13 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
Error - 22.04.2011 11:33:40 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 22.04.2011 11:37:28 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2011 12:01:27 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2011 12:25:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2011 12:49:28 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 22.04.2011 13:02:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2011 13:16:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "" aus.
Error - 22.04.2011 14:10:01 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.
Error - 22.04.2011 14:10:37 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 22.04.2011 14:11:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Here is the Malwarebytes log file:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6447
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
26.04.2011 13:04:56
mbam-log-2011-04-26 (13-04-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287195
Laufzeit: 49 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8
Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3012 -> Unloaded process successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\FNID4LBS\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\virtualized\C\Users\***\Desktop\null0.5308003643368937.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Low\jar_cache45453.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.