Trojaner-Board

Thread: Kazy.mekml.1 (https://www.trojaner-board.de/98303-kazy-mekml-1-a.html), Log-Analyse und Auswertung

mac miller 27.04.2011 15:24

Kazy.mekml.1
 
Hello dear board members, I too have caught the nasty "Kazy.mekml.1" and at first panicked that I would have to reformat my PC and that important data had been lost. But then I came across this forum and saw that you have no trouble getting rid of the trojan, so I am also asking you for help removing it from my computer. Thanks in advance; I think this willingness to help is really great.

Regards, Micha

mac miller 28.04.2011 00:03

The OTL logfile:

Code:

OTL logfile created on: 27.04.2011 19:04:34 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = E:\Dokumente und Einstellungen\michis 89\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 9,77 Gb Total Space | 9,29 Gb Free Space | 95,08% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 97,13 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 80,65 Gb Free Space | 64,28% Space Free | Partition Type: NTFS
 
Computer Name: GGG-L2BQ9QO5YI8 | User Name: michis 89 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Dokumente und Einstellungen\michis 89\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tPaGgPbDdnkYyE.exe ()
PRC - E:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Temp\csrss.exe ()
PRC - E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft\conhost.exe ()
PRC - E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe ()
PRC - E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - E:\Programme\QIP\qip.exe (The Author of QIP)
PRC - E:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - E:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Dokumente und Einstellungen\michis 89\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SSHNAS) --  File not found
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (NMSAccess) -- E:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- E:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (rt2870) -- E:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (Ambfilt) -- E:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (FWLANUSB) -- E:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (Monfilt) -- E:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62848
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Games Bar 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: E:\WINDOWS\system32\5015 [2011.04.22 20:03:38 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.03.25 18:46:02 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.03.24 15:35:04 | 000,000,000 | -H-D | M]
 
[2010.02.14 14:34:04 | 000,000,000 | -H-D | M] (No name found) -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Extensions
[2011.04.26 19:19:39 | 000,000,000 | -H-D | M] (No name found) -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\extensions
[2010.05.19 18:29:45 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.02 21:44:31 | 000,000,000 | -H-D | M] (AIM Toolbar) -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010.05.29 19:37:35 | 000,000,000 | -H-D | M] ("CoolPreviews") -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.11.03 12:15:25 | 000,000,000 | -H-D | M] ("BitDefender QuickScan") -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.04.02 22:04:07 | 000,002,267 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\searchplugins\aim-search.xml
[2010.02.20 00:56:04 | 000,000,925 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\searchplugins\conduit.xml
[2011.04.25 02:16:17 | 000,000,950 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\searchplugins\icqplugin-1.xml
[2010.03.01 03:39:29 | 000,000,944 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\searchplugins\icqplugin.xml
[2010.02.14 20:52:45 | 000,002,061 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\searchplugins\qipsearch.xml
[2011.04.26 19:19:39 | 000,000,000 | -H-D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions
[2010.05.18 22:21:26 | 000,000,000 | -H-D | M] (Java Quick Starter) -- E:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.22 20:03:38 | 000,000,000 | -H-D | M] (Java String Helper) -- E:\WINDOWS\SYSTEM32\5015
[2010.08.17 19:39:31 | 000,001,392 | -H-- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.17 19:39:31 | 000,002,344 | -H-- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.17 19:39:31 | 000,006,805 | -H-- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.17 19:39:31 | 000,001,178 | -H-- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.17 19:39:31 | 000,001,105 | -H-- | M] () -- E:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | -H-- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - E:\WINDOWS\system32\AcroIEHelpe028.dll (Adobe Systems, Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] E:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [conhost] E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [DivXUpdate] E:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DrvIcon]  File not found
O4 - HKLM..\Run: [StartCCC] E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [Infium]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [LClock]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [MSMSGS]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [RocketDock]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [RSxWcWRakP] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSxWcWRakP.exe ()
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [scIeDgaoTLYN] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\scIeDgaoTLYN.exe ()
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [Steam] E:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [TOY5KNQ8OC]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [tPaGgPbDdnkYyE] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tPaGgPbDdnkYyE.exe ()
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [UpdateMyDrivers]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [ViOrb]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [Vista Rainbar]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [ViStart]  File not found
O4 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004..\Run: [VisualTooltip]  File not found
F3 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004 WinNT: Load - (E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\csrss.exe) - E:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O15 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004\..Trusted Domains:  ([]msn in Arbeitsplatz)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\appconf32.exe) - E:\WINDOWS\system32\appconf32.exe ()
O20 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004 Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214440339-1500820517-839522115-1004 Winlogon: Shell - (E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe) - E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.14 00:46:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c2143b6-69c6-11df-aebb-001d92e09d47}\Shell - "" = AutoRun
O33 - MountPoints2\{4c2143b6-69c6-11df-aebb-001d92e09d47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c2143b6-69c6-11df-aebb-001d92e09d47}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - e:\WINDOWS\system32\Rundll32.exe e:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - E:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - E:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 19:01:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\michis 89\Desktop\OTL.exe
[2011.04.27 14:21:52 | 000,000,000 | -HSD | C] -- E:\Dokumente und Einstellungen\michis 89\Recent
[2011.04.26 18:55:53 | 000,236,496 | -H-- | C] (Adobe Systems, Incorporated) -- E:\WINDOWS\System32\AcroIEHelpe028.dll
[2011.04.22 20:32:59 | 000,000,000 | -H-D | C] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.04.22 20:03:38 | 000,000,000 | -H-D | C] -- E:\WINDOWS\System32\5015
[2011.04.22 20:03:26 | 000,000,000 | -H-D | C] -- E:\WINDOWS\System32\xmldm
[2011.04.22 20:03:25 | 000,000,000 | -H-D | C] -- E:\WINDOWS\System32\kock
[2011.04.22 18:35:20 | 000,000,000 | -H-D | C] -- E:\Dokumente und Einstellungen\michis 89\Startmenü\Programme\Windows Recovery
[2011.04.22 18:16:19 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\beep.sys
[2011.04.19 23:08:50 | 000,000,000 | -H-D | C] -- E:\Dokumente und Einstellungen\michis 89\Desktop\Gaga
[2011.04.16 19:57:32 | 000,000,000 | -H-D | C] -- E:\Programme\minecraft-1.0.17_02
[2011.04.06 22:51:16 | 000,000,000 | -H-D | C] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\.minecraft
[3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 19:02:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\michis 89\Desktop\OTL.exe
[2011.04.27 18:59:58 | 000,067,551 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\490A.978
[2011.04.27 18:49:00 | 000,000,296 | -H-- | M] () -- E:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011.04.27 18:09:00 | 000,000,248 | -H-- | M] () -- E:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.04.27 15:28:08 | 000,573,440 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\scIeDgaoTLYN.exe
[2011.04.27 14:07:05 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2011.04.27 00:14:42 | 000,573,440 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSxWcWRakP.exe
[2011.04.26 18:55:53 | 000,236,496 | -H-- | M] (Adobe Systems, Incorporated) -- E:\WINDOWS\System32\AcroIEHelpe028.dll
[2011.04.26 18:52:33 | 000,002,422 | -H-- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2011.04.24 15:15:31 | 000,118,952 | -H-- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.22 20:49:49 | 000,000,000 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\null0.5605905604023994.exe
[2011.04.22 20:34:59 | 000,000,000 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\null0.038919709098624744.exe
[2011.04.22 18:36:39 | 000,000,136 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16441140r
[2011.04.22 18:36:39 | 000,000,120 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16441140
[2011.04.22 18:35:32 | 000,000,823 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Desktop\Windows Recovery.lnk
[2011.04.22 18:35:11 | 000,000,336 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16441140
[2011.04.22 18:35:06 | 000,487,424 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16441140.exe
[2011.04.22 18:30:10 | 000,448,470 | -H-- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2011.04.22 18:30:10 | 000,432,356 | -H-- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011.04.22 18:30:10 | 000,080,104 | -H-- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2011.04.22 18:30:10 | 000,067,312 | -H-- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011.04.22 18:14:46 | 000,569,344 | -H-- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tPaGgPbDdnkYyE.exe
[2011.04.16 19:57:21 | 032,709,290 | -H-- | M] () -- E:\Programme\minecraft-1.0.17_02.tar.gz
[2011.04.09 16:32:24 | 000,176,640 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe
[3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 15:28:08 | 000,573,440 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\scIeDgaoTLYN.exe
[2011.04.26 20:52:58 | 000,573,440 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSxWcWRakP.exe
[2011.04.22 20:49:49 | 000,000,000 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\null0.5605905604023994.exe
[2011.04.22 20:34:59 | 000,000,000 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\null0.038919709098624744.exe
[2011.04.22 18:36:39 | 000,000,136 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16441140r
[2011.04.22 18:36:38 | 000,000,120 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16441140
[2011.04.22 18:35:31 | 000,000,823 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\Desktop\Windows Recovery.lnk
[2011.04.22 18:35:11 | 000,000,336 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16441140
[2011.04.22 18:35:06 | 000,487,424 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16441140.exe
[2011.04.22 18:14:46 | 000,569,344 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tPaGgPbDdnkYyE.exe
[2011.04.16 19:57:08 | 032,709,290 | -H-- | C] () -- E:\Programme\minecraft-1.0.17_02.tar.gz
[2011.03.19 03:42:38 | 025,154,260 | -H-- | C] () -- E:\Programme\Darkfall_v1.0.43.rar
[2011.03.17 00:56:35 | 000,176,640 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe
[2011.03.06 23:00:38 | 000,067,551 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\490A.978
[2010.11.14 22:12:01 | 000,007,168 | -H-- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2010.10.07 21:41:55 | 000,008,704 | -H-- | C] () -- E:\WINDOWS\System32\CNMVS7J.DLL
[2010.07.14 16:36:43 | 000,015,312 | -H-- | C] () -- E:\WINDOWS\System32\RaCoInst.dat
[2010.05.27 21:30:32 | 000,097,312 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010.05.19 15:28:19 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\popcreg.dat
[2010.05.18 23:12:30 | 000,000,025 | -H-- | C] () -- E:\WINDOWS\popcinfot.dat
[2010.02.19 21:57:26 | 000,000,664 | -H-- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010.02.15 01:03:01 | 000,111,104 | -H-- | C] () -- E:\WINDOWS\System32\uharc.exe
[2010.02.15 01:03:01 | 000,008,636 | -H-- | C] () -- E:\WINDOWS\System32\modifype.exe
[2010.02.14 18:05:06 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\ativpsrm.bin
[2010.02.14 17:52:01 | 000,593,920 | -H-- | C] () -- E:\WINDOWS\System32\ati2sgag.exe
[2010.02.14 16:12:34 | 000,189,796 | -H-- | C] () -- E:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010.02.14 16:12:34 | 000,001,112 | -H-- | C] () -- E:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010.02.14 16:12:34 | 000,000,712 | -H-- | C] () -- E:\WINDOWS\System32\drivers\SamSfPa.dat
[2010.02.14 16:12:34 | 000,000,520 | -H-- | C] () -- E:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010.02.14 16:12:34 | 000,000,520 | -H-- | C] () -- E:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010.02.14 16:12:34 | 000,000,520 | -H-- | C] () -- E:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010.02.14 16:12:34 | 000,000,008 | -H-- | C] () -- E:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010.02.14 16:11:04 | 000,073,728 | -H-- | C] () -- E:\WINDOWS\System32\RtNicProp32.dll
[2010.02.14 16:01:58 | 000,004,940 | -H-- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010.02.14 15:59:01 | 000,005,632 | -H-- | C] () -- E:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.14 14:33:58 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\nsreg.dat
[2010.02.14 00:47:15 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2010.02.14 00:45:00 | 000,021,740 | -H-- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2010.02.14 00:40:46 | 000,004,161 | -H-- | C] () -- E:\WINDOWS\ODBCINST.INI
[2010.02.14 00:40:06 | 000,118,952 | -H-- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2008.12.09 17:23:13 | 000,047,840 | RHS- | C] () -- E:\WINDOWS\System32\appconf32.exe
[2008.10.29 03:40:41 | 003,107,788 | -H-- | C] () -- E:\WINDOWS\System32\ativvaxx.dat
[2008.10.29 03:40:41 | 000,887,724 | -H-- | C] () -- E:\WINDOWS\System32\ativva6x.dat
[2008.10.29 03:40:41 | 000,000,003 | -H-- | C] () -- E:\WINDOWS\System32\ativva5x.dat
[2008.10.21 18:40:00 | 000,294,912 | -H-- | C] () -- E:\WINDOWS\System32\ATIODE.exe
[2008.10.21 18:40:00 | 000,045,056 | -H-- | C] () -- E:\WINDOWS\System32\ATIODCLI.exe
[2008.08.14 19:42:21 | 000,197,982 | -H-- | C] () -- E:\WINDOWS\System32\atiicdxx.dat
[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- E:\WINDOWS\System32\secupd.dat
[2003.04.02 14:00:00 | 013,107,200 | -H-- | C] () -- E:\WINDOWS\System32\oembios.bin
[2003.04.02 14:00:00 | 000,673,088 | -H-- | C] () -- E:\WINDOWS\System32\mlang.dat
[2003.04.02 14:00:00 | 000,448,470 | -H-- | C] () -- E:\WINDOWS\System32\perfh007.dat
[2003.04.02 14:00:00 | 000,432,356 | -H-- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2003.04.02 14:00:00 | 000,272,128 | -H-- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2003.04.02 14:00:00 | 000,269,480 | -H-- | C] () -- E:\WINDOWS\System32\perfi007.dat
[2003.04.02 14:00:00 | 000,218,003 | -H-- | C] () -- E:\WINDOWS\System32\dssec.dat
[2003.04.02 14:00:00 | 000,080,104 | -H-- | C] () -- E:\WINDOWS\System32\perfc007.dat
[2003.04.02 14:00:00 | 000,067,312 | -H-- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2003.04.02 14:00:00 | 000,046,258 | -H-- | C] () -- E:\WINDOWS\System32\mib.bin
[2003.04.02 14:00:00 | 000,034,478 | -H-- | C] () -- E:\WINDOWS\System32\perfd007.dat
[2003.04.02 14:00:00 | 000,028,626 | -H-- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2003.04.02 14:00:00 | 000,027,440 | -H-- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys
[2003.04.02 14:00:00 | 000,004,461 | -H-- | C] () -- E:\WINDOWS\System32\oembios.dat
[2003.04.02 14:00:00 | 000,001,788 | -H-- | C] () -- E:\WINDOWS\System32\dcache.bin
[2003.04.02 14:00:00 | 000,000,741 | -H-- | C] () -- E:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.04.02 21:44:19 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2010.11.14 22:12:07 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.10.07 21:41:57 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.05.19 14:57:10 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.02.20 19:41:24 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.02.14 16:36:28 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.05.18 23:15:25 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games
[2011.04.16 19:59:45 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\.minecraft
[2010.04.02 21:45:08 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\acccore
[2010.11.14 22:12:07 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Canneverbe Limited
[2010.05.19 15:16:54 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\DAEMON Tools Lite
[2010.02.20 19:31:06 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\GetRightToGo
[2010.02.14 20:48:18 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ICQ
[2010.02.14 21:42:34 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ICQLite
[2010.05.20 17:50:01 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\LucasArts
[2010.10.12 21:27:02 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Miranda
[2010.05.04 01:50:27 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Opera
[2010.10.11 21:25:55 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\QIP
[2010.11.18 23:44:04 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\QuickScan
[2010.02.15 01:11:22 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Styler
[2010.02.15 01:08:25 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ViStart
[2011.04.27 18:09:00 | 000,000,248 | -H-- | M] () -- E:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.04.27 18:49:00 | 000,000,296 | -H-- | M] () -- E:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.16 19:59:45 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\.minecraft
[2010.04.02 21:45:08 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\acccore
[2010.02.14 17:09:09 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Adobe
[2010.02.14 19:53:36 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ATI
[2010.11.14 22:12:07 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Canneverbe Limited
[2010.05.19 15:16:54 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\DAEMON Tools Lite
[2011.03.07 03:34:45 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\DivX
[2010.02.20 19:31:06 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\GetRightToGo
[2010.07.22 21:14:03 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Google
[2010.02.14 20:48:18 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ICQ
[2010.02.14 21:42:34 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ICQLite
[2010.02.14 00:48:54 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Identities
[2010.07.14 16:36:27 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\InstallShield
[2010.05.20 17:50:01 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\LucasArts
[2010.02.14 17:09:09 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Macromedia
[2011.04.22 17:59:22 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft
[2010.10.12 21:27:02 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Miranda
[2010.02.14 14:34:04 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Mozilla
[2010.02.14 13:53:55 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\MSN6
[2010.05.04 01:50:27 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Opera
[2010.10.11 21:25:55 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\QIP
[2010.11.18 23:44:04 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\QuickScan
[2010.02.15 01:11:22 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Styler
[2010.05.18 22:21:01 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Sun
[2010.02.15 01:08:25 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\ViStart
[2010.02.14 17:46:49 | 000,000,000 | -H-D | M] -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.09 16:32:24 | 000,176,640 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe
[2011.04.22 17:06:44 | 000,168,448 | -H-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft\conhost.exe
[2010.02.14 16:23:07 | 000,010,134 | RH-- | M] () -- E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft\Installer\{71CFE572-6C01-96C4-F90E-36C147C98123}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2004.12.14 12:24:24 | 362,331,961 | -H-- | M] (InstallShield Software Corporation) -- E:\GTA2.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 14:00:00 | 010,180,476 | -H-- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003.04.02 14:00:00 | 000,086,912 | -H-- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- E:\WINDOWS\system32\eventlog.dll
[2003.04.02 14:00:00 | 000,049,152 | -H-- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2003.04.02 14:00:00 | 001,007,104 | -H-- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- E:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2004.08.04 01:57:54 | 000,977,920 | -H-- | M] (Microsoft Corporation) MD5=B233DD25CA5579DA6156B2CAE91EA5F9 -- E:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 01:57:54 | 001,425,920 | -H-- | M] (Microsoft Corporation) MD5=D1AF72FC219FA4E43319BD4E3C821771 -- E:\WINDOWS\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2003.04.02 14:00:00 | 000,399,360 | -H-- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- E:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- E:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- E:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- E:\WINDOWS\system32\scecli.dll
[2003.04.02 14:00:00 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- E:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004.08.04 01:57:38 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- E:\WINDOWS\system32\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2003.04.02 14:00:00 | 000,561,664 | -H-- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- E:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2003.04.02 14:00:00 | 000,022,528 | -H-- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- E:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- E:\WINDOWS\system32\winlogon.exe
[2003.04.02 14:00:00 | 000,521,728 | -H-- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.19 14:57:28 | 000,691,696 | -H-- | M] () Unable to obtain MD5 -- E:\WINDOWS\system32\drivers\sptd.sys
[1 E:\WINDOWS\system32\drivers\*.tmp files -> E:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2010.02.14 01:39:14 | 000,094,208 | -H-- | M] () -- E:\WINDOWS\system32\config\default.sav
[2010.02.14 01:39:14 | 000,606,208 | -H-- | M] () -- E:\WINDOWS\system32\config\software.sav
[2010.02.14 01:39:14 | 000,405,504 | -H-- | M] () -- E:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< End of report >


the OTL Extras logfile:

Code:

OTL Extras logfile created on: 27.04.2011 19:04:34 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = E:\Dokumente und Einstellungen\michis 89\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 9,77 Gb Total Space | 9,29 Gb Free Space | 95,08% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 97,13 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 80,65 Gb Free Space | 64,28% Space Free | Partition Type: NTFS
 
Computer Name: GGG-L2BQ9QO5YI8 | User Name: michis 89 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\QIP\qip.exe" = E:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"E:\Programme\AIM\aim.exe" = E:\Programme\AIM\aim.exe:*:Enabled:AIM
"E:\Programme\Opera\opera.exe" = E:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\Programme\Java\jre6\bin\javaw.exe" = E:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Programme\Silent Hunter 5\sh5.exe" = E:\Programme\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5 -- (Ubisoft)
"E:\Programme\Silent Hunter 5\data\Browser\UPlayBrowser.exe" = E:\Programme\Silent Hunter 5\data\Browser\UPlayBrowser.exe:*:Disabled:UPlayBrowser Application -- (Ubisoft Entertainment)
"E:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = E:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"E:\Programme\Tactical Ops\System\TacticalOps.exe" = E:\Programme\Tactical Ops\System\TacticalOps.exe:*:Enabled:TacticalOps -- ()
"E:\Programme\Steam\steamapps\h3711133\counter-strike\hl.exe" = E:\Programme\Steam\steamapps\h3711133\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"E:\Programme\Steam\steamapps\h3711133\zombie panic! source\hl2.exe" = E:\Programme\Steam\steamapps\h3711133\zombie panic! source\hl2.exe:*:Enabled:Zombie Panic Source -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F30C2271-5D81-42DB-81C2-DD7853118F1E}" = W311U
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.7.90209" = Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
"JDownloader" = JDownloader
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Plants vs. Zombies" = Plants vs. Zombies
"ST6UNST #1" = BEWERBUNGSMASTER AZUBI
"ST6UNST #2" = BEWERBUNGSMASTER AZUBI (E:\Programme\BEWERBUNGSMASTER\)
"ST6UNST #3" = BEWERBUNGSMASTER AZUBI (E:\Programme\BEWERBUNGSMASTER\) #3
"Steam App 10" = Counter-Strike
"Steam App 17505" = Zombie Panic Source Dedicated Server
"Steam App 220" = Half-Life 2
"Tactical Ops" = Tactical Ops
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1214440339-1500820517-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8097
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >


and the GMER logfile:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 19:35:57
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD252HJ rev.1AC01113
Running: g2m3e4r.exe; Driver: E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\pgloruog.sys


---- System - GMER 1.0.15 ----

SSDT      BA6A52F6                                                                                                                      ZwCreateKey
SSDT      BA6A52EC                                                                                                                      ZwCreateThread
SSDT      BA6A52FB                                                                                                                      ZwDeleteKey
SSDT      BA6A5305                                                                                                                      ZwDeleteValueKey
SSDT      sppf.sys                                                                                                                      ZwEnumerateKey [0xB9ECDDA4]
SSDT      sppf.sys                                                                                                                      ZwEnumerateValueKey [0xB9ECE132]
SSDT      BA6A530A                                                                                                                      ZwLoadKey
SSDT      sppf.sys                                                                                                                      ZwOpenKey [0xB9EB50C0]
SSDT      BA6A52D8                                                                                                                      ZwOpenProcess
SSDT      BA6A52DD                                                                                                                      ZwOpenThread
SSDT      sppf.sys                                                                                                                      ZwQueryKey [0xB9ECE20A]
SSDT      sppf.sys                                                                                                                      ZwQueryValueKey [0xB9ECE08A]
SSDT      BA6A5314                                                                                                                      ZwReplaceKey
SSDT      BA6A530F                                                                                                                      ZwRestoreKey
SSDT      BA6A5300                                                                                                                      ZwSetValueKey
SSDT      BA6A52E7                                                                                                                      ZwTerminateProcess

INT 0x62  ?                                                                                                                              89D5FBF8
INT 0x73  ?                                                                                                                              89BB8F00
INT 0x83  ?                                                                                                                              89D5FBF8
INT 0xB4  ?                                                                                                                              89BB8F00

---- Kernel code sections - GMER 1.0.15 ----

?        sppf.sys                                                                                                                      Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                          B950E62C 5 Bytes  JMP 89BB84E0
.text    E:\WINDOWS\System32\DRIVERS\ati2mtag.sys                                                                                      section is writeable [0xB8FEA000, 0x223937, 0xE8000020]
.text    az14ewxy.SYS                                                                                                                  B8F9C386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    az14ewxy.SYS                                                                                                                  B8F9C3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    az14ewxy.SYS                                                                                                                  B8F9C3C4 3 Bytes  [00, 80, 02]
.text    az14ewxy.SYS                                                                                                                  B8F9C3C9 1 Byte  [30]
.text    az14ewxy.SYS                                                                                                                  B8F9C3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                                           

---- User code sections - GMER 1.0.15 ----

.text    E:\Programme\CDBurnerXP\NMSAccessU.exe[152] ntdll.dll!NtClose                                                                  7C91CFEE 5 Bytes  JMP 00720343
.text    E:\Programme\CDBurnerXP\NMSAccessU.exe[152] kernel32.dll!VirtualFreeEx + 44                                                    7C809B56 1 Byte  [40]
.text    E:\Programme\Steam\steam.exe[164] kernel32.dll!VirtualFreeEx + 44                                                              7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!NtClose                                                                          7C91CFEE 5 Bytes  JMP 009D0343
.text    E:\WINDOWS\system32\ctfmon.exe[176] kernel32.dll!VirtualFreeEx + 44                                                            7C809B56 1 Byte  [40]
.text    E:\WINDOWS\System32\svchost.exe[248] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tPaGgPbDdnkYyE.exe[732] kernel32.dll!VirtualFreeEx + 44              7C809B56 1 Byte  [40]
.text    E:\WINDOWS\Explorer.EXE[796] kernel32.dll!CreateProcessW                                                                      7C802332 5 Bytes  JMP 015B46DF
.text    E:\WINDOWS\Explorer.EXE[796] kernel32.dll!VirtualFreeEx + 44                                                                  7C809B56 1 Byte  [40]
.text    E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\dwm.exe[908] kernel32.dll!VirtualFreeEx + 44                          7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\Ati2evxx.exe[1064] ntdll.dll!NtClose                                                                      7C91CFEE 5 Bytes  JMP 00DA0343
.text    E:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!VirtualFreeEx + 44                                                        7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\WINDOWS\System32\svchost.exe[1204] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\Ati2evxx.exe[1264] kernel32.dll!VirtualFreeEx + 44                                                        7C809B56 1 Byte  [40]
?        E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\csrss.exe[1596]                                                                            number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: RASAPI32.dllunknown module: WINHTTP.dll
.tls      E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\csrss.exe[1596] E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\csrss.exe                                unknown last section [0x0042C000, 0x40000, 0x40000040]
.text    E:\WINDOWS\RTHDCPL.EXE[1612] kernel32.dll!VirtualFreeEx + 44                                                                  7C809B56 1 Byte  [40]
.text    E:\Programme\Microsoft IntelliPoint\ipoint.exe[1648] kernel32.dll!VirtualFreeEx + 44                                          7C809B56 1 Byte  [40]
.text    E:\Programme\Avira\AntiVir Desktop\avgnt.exe[1688] kernel32.dll!VirtualFreeEx + 44                                            7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\spoolsv.exe[1760] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\Programme\DivX\DivX Update\DivXUpdate.exe[1848] kernel32.dll!VirtualFreeEx + 44                                            7C809B56 1 Byte  [40]
.text    E:\WINDOWS\System32\svchost.exe[1924] ntdll.dll!NtClose                                                                        7C91CFEE 5 Bytes  JMP 007D0343
.text    E:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\Dokumente und Einstellungen\michis 89\Anwendungsdaten\Microsoft\conhost.exe[1940] kernel32.dll!VirtualFreeEx + 44          7C809B56 1 Byte  [40]
.text    E:\Programme\Java\jre6\bin\jqs.exe[2020] kernel32.dll!VirtualFreeEx + 44                                                      7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\wuauclt.exe[2796] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\Dokumente und Einstellungen\michis 89\Desktop\g2m3e4r.exe[3336] kernel32.dll!VirtualFreeEx + 44                            7C809B56 1 Byte  [40]
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] ntdll.dll!LdrLoadDll                                                            7C925CBB 5 Bytes  JMP 004013F0 E:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] kernel32.dll!VirtualFreeEx + 44                                                7C809B56 1 Byte  [40]
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] kernel32.dll!CreateFileW                                                        7C810770 5 Bytes  JMP 00E79106
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] wininet.dll!InternetOpenW                                                      7718AEED 5 Bytes  JMP 00E7859F
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] wininet.dll!InternetConnectA                                                    7719308A 5 Bytes  JMP 00E783BE
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] wininet.dll!InternetOpenA                                                      7719573E 5 Bytes  JMP 00E7858D
.text    E:\Programme\Mozilla Firefox\firefox.exe[3376] wininet.dll!InternetCrackUrlA                                                  77197519 5 Bytes  JMP 00E782C4
.text    E:\WINDOWS\system32\attrib.exe[3416] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]
.text    E:\WINDOWS\system32\wscntfy.exe[3592] kernel32.dll!VirtualFreeEx + 44                                                          7C809B56 1 Byte  [40]

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                        89D5E1F8
Device    \Driver\PCI_PNP3952 \Device\00000040                                                                                          sppf.sys
Device    \Driver\usbohci \Device\USBPDO-0                                                                                              89C2D1F8
Device    \Driver\usbehci \Device\USBPDO-1                                                                                              89C291F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{B3365361-6F81-43EC-BF84-8B27E1640709}                                                      890291F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                        89DCF1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                        89DCF1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                                  89BA21F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                            89D5F1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                    89D5F1F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                            89D5F1F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                            89D5F1F8
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                            89D5F1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e                                                                                    89D5F1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume3                                                                                        89DCF1F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                                  89BA21F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                        890291F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                              890291F8
Device    \Driver\usbohci \Device\USBFDO-0                                                                                              89C2D1F8
Device    \Driver\usbehci \Device\USBFDO-1                                                                                              89C291F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                              890281F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                    890281F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                              89DCF1F8
Device    \Driver\az14ewxy \Device\Scsi\az14ewxy1                                                                                        89B09500
Device    \Driver\az14ewxy \Device\Scsi\az14ewxy1Port4Path0Target0Lun0                                                                  89B09500
Device    \Driver\sptd \Device\4214268952                                                                                                sppf.sys
Device    \FileSystem\Cdfs \Cdfs                                                                                                        89AA11F8

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                38073
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                            771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                            285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            E:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x76 0xAC 0x76 0x8F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0xA0 0x94 0x56 0x88 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x28 0xB7 0x3B 0x46 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain                                                            localdomain
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                                        192.168.1.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@NTEContextList      0x00000003?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpServer          192.168.1.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@Lease                604800
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@LeaseObtainedTime    1303924863
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@T1                  1304227263
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@T2                  1304454063
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@LeaseTerminatesTime  1304529663
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpIPAddress        192.168.1.75
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpSubnetMask      255.255.255.0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpRetryTime        302397
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpRetryStatus      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpSubnetMaskOpt    255.255.255.0?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpDefaultGateway  192.168.1.1?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpDomain          localdomain
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B51E15EE-3485-4859-BAC9-26FBC417987C}@DhcpNameServer      192.168.1.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@DhcpIPAddress                  192.168.1.75
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@DhcpSubnetMask                  255.255.255.0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@DhcpServer                      192.168.1.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@Lease                          604800
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@LeaseObtainedTime              1303924863
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@T1                              1304227263
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@T2                              1304454063
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@LeaseTerminatesTime            1304529663
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@DhcpSubnetMaskOpt              255.255.255.0?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\{B51E15EE-3485-4859-BAC9-26FBC417987C}\Parameters\Tcpip@DhcpDefaultGateway              192.168.1.1?
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                         
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                E:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0x76 0xAC 0x76 0x8F ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0xA0 0x94 0x56 0x88 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)           
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x28 0xB7 0x3B 0x46 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed                                                  33
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful                                                  29
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@FolderContentsInfoTip                                        1

---- EOF - GMER 1.0.15 ----


and last but not least, the Malwarebytes findings:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6460

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.04.2011 01:33:43
mbam-log-2011-04-28 (01-33-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134768
Laufzeit: 9 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 2
Infizierte Dateien: 30

Infizierte Speicherprozesse:
e:\dokumente und einstellungen\michis 89\anwendungsdaten\dwm.exe (Trojan.Downloader) -> 740 -> Unloaded process successfully.
e:\dokumente und einstellungen\michis 89\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent.Gen) -> 1628 -> Unloaded process successfully.
e:\dokumente und einstellungen\all users\anwendungsdaten\tpaggpbddnkyye.exe (Trojan.FakeAlert) -> 1660 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tPaGgPbDdnkYyE (Trojan.FakeAlert) -> Value: tPaGgPbDdnkYyE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RSxWcWRakP (Trojan.FakeAlert) -> Value: RSxWcWRakP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\scIeDgaoTLYN (Trojan.FakeAlert) -> Value: scIeDgaoTLYN -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TOY5KNQ8OC (Trojan.FakeAlert) -> Value: TOY5KNQ8OC -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent.Gen) -> Bad: (E:\DOKUME~1\MICHIS~1\LOKALE~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
e:\dokumente und einstellungen\michis 89\startmenü\programme\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
e:\dokumente und einstellungen\michis 89\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\Dokumente und Einstellungen\michis 89\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent.Gen) -> Delete on reboot.
e:\dokumente und einstellungen\michis 89\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\all users\anwendungsdaten\tpaggpbddnkyye.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\all users\anwendungsdaten\rsxwcwrakp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\all users\anwendungsdaten\sciedgaotlyn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\all users\anwendungsdaten\16441140.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\drivers\1233E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\-213E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2CD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\ldr14e2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\jar_cache6428248106548606919.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\jar_cache670859998851048583.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\jar_cache7516404133432404939.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2BA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2BE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2BF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2CE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2A7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2B9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\2EA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\lokale einstellungen\Temp\jar_cache8688153551341411371.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\startmenü\programme\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\dokumente und einstellungen\michis 89\startmenü\programme\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\acroiehelpe028.dll (Trojan.Banker) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully.
e:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
e:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\WINDOWS\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


markusg 28.04.2011 10:19

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

mac miller 28.04.2011 13:44

Okay, here is the ComboFix logfile:

Code:

ComboFix 11-04-27.03 - michis 89 28.04.2011  14:32:45.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.2047.1590 [GMT 2:00]
ausgeführt von:: e:\dokumente und einstellungen\michis 89\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\dokumente und einstellungen\michis 89\null0.038919709098624744.exe
e:\dokumente und einstellungen\michis 89\null0.5605905604023994.exe
e:\windows\system32\kock
e:\windows\system32\paypal.url
e:\windows\system32\winx.url
e:\windows\system32\xmldm
.
e:\windows\regedit.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-27 23:22 . 2011-04-27 23:22        --------        d-----w-        e:\dokumente und einstellungen\michis 89\Anwendungsdaten\Malwarebytes
2011-04-27 23:21 . 2010-12-20 16:09        38224        ----a-w-        e:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 23:21 . 2011-04-27 23:21        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-27 23:21 . 2011-04-27 23:21        --------        d-----w-        e:\programme\Malwarebytes' Anti-Malware
2011-04-27 23:21 . 2010-12-20 16:08        20952        ----a-w-        e:\windows\system32\drivers\mbam.sys
2011-04-27 17:26 . 2011-04-27 17:26        --------        d-----w-        e:\programme\ERUNT
2011-04-22 18:03 . 2011-04-22 18:03        --------        d-----w-        e:\windows\system32\5015
2011-04-22 16:39 . 2011-04-27 23:53        1043164        ----a-w-        e:\windows\system32\PerfStringBackup.TMP
2011-04-22 16:16 . 2003-04-02 12:00        4224        ----a-w-        e:\windows\system32\beep.sys
2011-04-16 17:57 . 2011-04-16 17:57        --------        d-----w-        e:\programme\minecraft-1.0.17_02
2011-04-06 20:51 . 2011-04-16 17:59        --------        d-----w-        e:\dokumente und einstellungen\michis 89\Anwendungsdaten\.minecraft
2011-03-29 15:55 . 2011-03-29 15:55        139        ----a-w-        e:\dokumente und einstellungen\michis 89\Anwendungsdaten\Microsoft\gb_5016734.bat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[-] 2004-08-03 . D1AF72FC219FA4E43319BD4E3C821771 . 1425920 . . [6.00.2900.2180] . . e:\windows\explorer.exe
[-] 2004-08-03 . B233DD25CA5579DA6156B2CAE91EA5F9 . 977920 . . [6.00.2900.2180] . . e:\windows\ServicePackFiles\i386\explorer.exe
[-] 2003-04-02 . 22B0A56E6C5847292437078B484EC61B . 1007104 . . [6.00.2800.1106] . . e:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 3BFE49B4CDFAC83B0F3C79412895A179 . 93184 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\iexplore.exe
[-] 2003-04-02 . 258AEF4C5EAF5E95E1D4CA5A3D1BBDFA . 91136 . . [6.00.2800.1106] . . e:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programme\Steam\steam.exe" [2010-11-16 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"AzMixerSel"="e:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"StartCCC"="e:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"IntelliPoint"="e:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"DivXUpdate"="e:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
e:\dokumente und einstellungen\michis 89\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - e:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\Steam\\Steam.exe"=
"e:\\Programme\\QIP\\qip.exe"=
"e:\\Programme\\Opera\\opera.exe"=
"e:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Programme\\Silent Hunter 5\\sh5.exe"=
"e:\\Programme\\Silent Hunter 5\\data\\Browser\\UPlayBrowser.exe"=
"e:\\Programme\\Tactical Ops\\System\\TacticalOps.exe"=
"e:\\Programme\\Steam\\steamapps\\h3711133\\counter-strike\\hl.exe"=
"e:\\Programme\\Steam\\steamapps\\h3711133\\zombie panic! source\\hl2.exe"=
.
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.05.2010 14:57 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [16.02.2010 18:56 108289]
R3 FWLANUSB;AVM FRITZ!WLAN;e:\windows\system32\drivers\fwlanusb.sys [27.05.2010 21:30 264704]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [14.02.2010 16:12 1684736]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = ftp=FTP-proxy.t-online.de:80;gopher=gopher-proxy.t-online.de:80;http=www-proxy.t-online.de:80;https=sec-proxy.t-online.de:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - e:\dokumente und einstellungen\michis 89\Anwendungsdaten\Mozilla\Firefox\Profiles\rupwj7zs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: CoolPreviews                  : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - e:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - e:\windows\system32\5015
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - e:\windows\system32\5015
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ViOrb - e:\programme\ViOrb\ViOrb.exe
HKCU-Run-LClock - e:\programme\LClock\LClock.exe
HKCU-Run-Vista Rainbar - e:\programme\Vista Rainbar\launcher.exe
HKCU-Run-ViStart - e:\programme\ViStart\ViStart.exe
HKCU-Run-VisualTooltip - e:\programme\VisualTooltip\VisualToolTip.exe
HKCU-Run-RocketDock - e:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
HKCU-Run-UpdateMyDrivers - e:\programme\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
HKCU-Run-Infium - e:\programme\QIP 2010\qip.exe
HKLM-Run-DrvIcon - e:\programme\Vista Drive Icon\DrvIcon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-28 14:37
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
e:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3432)
e:\windows\system32\NETSHELL.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\programme\Avira\AntiVir Desktop\avguard.exe
e:\programme\Java\jre6\bin\jqs.exe
e:\programme\CDBurnerXP\NMSAccessU.exe
e:\windows\RTHDCPL.EXE
e:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\windows\system32\imapi.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-28  14:40:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-28 12:40
.
Vor Suchlauf: 10 Verzeichnis(se), 86.726.406.144 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 87.517.978.624 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 395584A9898C099F941D71DCC9CD20D1


And thanks already; everything has actually been back to normal since the Malwarebytes run. *happy*
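
As an added example (this is not code from the thread, nor from ComboFix or Malwarebytes), here is a small Python triage script that reads the security-relevant lines of a ComboFix log like the one posted above and flags what a helper weighs before deciding between cleaning and rebuilding: the file ComboFix marks as infected (regedit.exe), the Security Center "AntiVirusOverride"/"FirewallOverride" values, the disabled standard firewall profile, and the "JavaString Helper" Firefox extension registered from a directory under system32. The rule names, regular expressions, severity labels and the rebuild-versus-clean decision rule are this example's own assumptions; the sample input is constructed from lines copied out of the log above.

```python
"""Triage helper for ComboFix log excerpts such as the one posted in this thread.

Added example: not part of the forum thread and not code from ComboFix or
Malwarebytes. It scans raw log text for a handful of indicators and returns
structured findings. The rule set, regexes, severities and the decision rule
in verdict() are assumptions of this example, not ComboFix semantics.
"""
import re

# Constructed sample: lines copied verbatim from the ComboFix log posted above,
# trimmed to the parts the rules look at.
SAMPLE_LOG = r"""
e:\windows\regedit.exe . . . ist infiziert!!
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - e:\windows\system32\5015
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - e:\windows\system32\5015
"""

# Each rule: (finding id, compiled regex, severity, explanation).
# Severities and wording are this example's assumptions.
RULES = [
    ("infected_system_file",
     re.compile(r"^(?P<path>\S.*?\.exe) \. \. \. ist infiziert!!$", re.M),
     "high",
     "ComboFix reports a Windows binary as infected (file infector, not only a dropper)"),
    ("security_center_override",
     re.compile(r'^"(?P<name>AntiVirusOverride|FirewallOverride)"=dword:00000001$', re.M),
     "medium",
     "Security Center warnings about AV/firewall state are suppressed"),
    ("firewall_disabled",
     re.compile(r'^"EnableFirewall"= ?0\b', re.M),
     "medium",
     "Windows Firewall standard profile is switched off"),
    ("extension_in_system_dir",
     re.compile(r"^FF - Ext: (?P<name>.+?): (?P<guid>\{[0-9A-Fa-f-]+\}) - "
                r"(?P<path>[a-z]:\\windows\\system32\\.*)$", re.M | re.I),
     "high",
     "Firefox extension registered from a directory under the Windows system directory"),
]


def triage(log_text):
    """Return a de-duplicated list of findings (dicts with id, severity,
    the matching log line, an explanation and the regex's named groups)."""
    findings = []
    seen = set()
    for fid, rx, sev, why in RULES:
        for m in rx.finditer(log_text):
            key = (fid, m.group(0))
            if key in seen:          # ComboFix lists some entries twice
                continue
            seen.add(key)
            findings.append({
                "id": fid,
                "severity": sev,
                "line": m.group(0),
                "why": why,
                "detail": {k: v for k, v in m.groupdict().items() if v},
            })
    return findings


def verdict(findings):
    """Decision rule assumed by this example: an infected system binary or an
    unknown browser component loaded from system32 means rebuild rather than
    clean; only configuration weaknesses means clean and harden."""
    ids = {f["id"] for f in findings}
    if "infected_system_file" in ids or "extension_in_system_dir" in ids:
        return "rebuild"
    if ids:
        return "clean_and_harden"
    return "no_findings"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']}] {f['id']}: {f['line']}")
    print("verdict:", verdict(results))
```

To run it on a full log instead of the embedded excerpt, pass the file's text to triage(); a ComboFix log from a German XP installation is assumed here to be cp1252-encoded, so read it with that encoding.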

markusg 28.04.2011 13:53

Open My Computer, drive e:, right-click qoobox, pack it with WinRAR or zip and upload it:
http://www.trojaner-board.de/54791-a...ner-board.html

mac miller 28.04.2011 14:12

Done, but I got a message saying that Qoobox cannot be read.

markusg 28.04.2011 14:27

Do you do online banking, shopping or anything else important on this PC?

mac miller 28.04.2011 19:03

I use online banking now and then, and otherwise there are one or two important documents on the computer, nothing else really.

markusg 28.04.2011 19:26

OK, then:
You have a trojan for which we cannot guarantee a clean system.
Therefore:
- Back up your data; after that we will format and reinstall.
I will explain how to properly secure the system if you want.

mac miller 28.04.2011 19:30

Phew, Markus, I haven't mentioned yet that I'm a relative PC nerd; I don't really know anything about formatting etc., which is why I was glad not to have to do it. I've been living on the North Sea coast for a year now and no longer have the Windows CD either; it's still lying around somewhere back home. Or did I misunderstand the part about formatting? And by securing, do you mean putting the important data on a CD or USB stick?

markusg 28.04.2011 19:38

Yes, then you'll have to get one; a Windows, or an operating system in general, doesn't last forever.
And which do you prefer, formatting or maybe someone taking money from you one day?
We'll do the formatting together then.

mac miller 28.04.2011 20:06

Then I'd prefer the formatting option after all. Does that also work with the XP CD from, for example, my sister? If not, I'll buy XP on eBay next week. Unfortunately, the formatting won't happen until the end of next week or the week after, and I'll need your help for that. Does the thread stay open here that long, or how do we best handle this?

markusg 29.04.2011 09:38

No CD from eBay, that's legally questionable.
http://www.chip.de/downloads/Windows..._43739197.html
Use this tool, write down the key, and then we can use your sister's CD.

mac miller 29.04.2011 16:29

I didn't know that XP from eBay is legally questionable. I'll get the CD as soon as possible so we can start.


Copyright ©2000-2025, Trojaner-Board