Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   tr/kazy.mekml.1, ebenfalls (https://www.trojaner-board.de/97728-tr-kazy-mekml-1-ebenfalls.html)

nasänder 19.04.2011 21:49
tr/kazy.mekml.1, ebenfalls
 
tr/kazy.mekml.1


Guten Tag,
Ich habe auf meinem Computer scheinbar den selben Virus, wie etliche andere Nutzer dieses Forums ebenfalls.
-Antivir zeigt den Fund von TR/Kazy.mekml.1
-Meldungen dass Festplatte beschädigt ist.
-kein Zugriff auf Dateien
-und schwarzer Hintergrund.

Aufgrund der Regel 1 "Jede Infizierung bedarf individuelle Behandlung" poste ich td mal meine logfiles und hoffe dass ich niemanden langweile ;)

Vielen Dank im Voraus



OTL Logfile:
Code:
OTL logfile created on: 19.04.2011 21:39:12 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alex
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,93 Gb Total Space | 409,04 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-VAIO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCSpt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.13 14:05:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.15 21:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.04.19 19:35:54 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110123230745.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} -  File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -  File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110123230745.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Stisaq] C:\Users\Alex\AppData\Local\iduqadun.dll (Dritek System Inc.)
O4 - HKCU..\Run: [Tjezesecoqafarip] C:\Users\Alex\AppData\Local\psdrpami.dll (FileZilla Project)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.19 21:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.04.19 21:19:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Alex\OTL.exe
[2011.04.19 21:05:22 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.04.18 11:53:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2011.04.18 10:46:43 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{BA61080E-314A-42BE-8C5C-1B7ABE2C72DB}
[2011.04.18 10:45:04 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.16 23:39:06 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011.04.16 23:34:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\DivX
[2011.04.16 23:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.04.16 23:30:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\DivX
[2011.04.15 12:38:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 12:38:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 12:38:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 12:38:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 12:38:39 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 12:38:27 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 12:38:27 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 12:38:27 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 12:38:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 12:38:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 12:38:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 12:38:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 12:38:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 12:37:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 12:37:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 12:37:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 12:37:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 12:37:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 12:37:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 12:37:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 12:37:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 12:37:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 12:37:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 12:37:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 12:37:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 12:37:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 12:37:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 12:37:25 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 12:37:25 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 12:37:25 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 12:37:25 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 12:37:25 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 12:37:25 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 12:37:25 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 12:37:16 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 12:37:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 12:37:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 12:37:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.13 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.04.13 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011.04.13 19:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.04.13 19:07:23 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Documents\Visual Studio 2010
[2011.04.13 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.04.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.04.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.04.13 19:03:09 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.04.13 19:03:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2011.04.13 19:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.04.13 19:03:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2011.04.07 20:14:47 | 022,229,776 | -H-- | C] (DVDVideoSoft Limited.                                      ) -- C:\Users\Alex\Desktop\FreeYouTubeToMp3Converter.exe
[2011.03.26 01:44:48 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\FreeOrion
[2009.07.14 00:24:58 | 000,369,664 | -H-- | C] (Dritek System Inc.) -- C:\Users\Alex\AppData\Local\iduqadun.dll
[2009.07.14 00:24:58 | 000,097,280 | -H-- | C] (FileZilla Project) -- C:\Users\Alex\AppData\Local\psdrpami.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 21:43:53 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 21:43:53 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 21:34:18 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 21:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.19 21:33:40 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.19 21:29:02 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 21:19:49 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Alex\OTL.exe
[2011.04.19 21:17:23 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.04.19 21:15:23 | 000,018,958 | -H-- | M] () -- C:\Users\Alex\Desktop\41759176_ronaldinho_al300.jpg
[2011.04.19 21:12:08 | 000,487,424 | -H-- | M] () -- C:\ProgramData\44490504.exe
[2011.04.19 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Users\Alex\AppData\Local\Upuhep.bin
[2011.04.18 10:46:45 | 000,000,120 | -H-- | M] () -- C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
[2011.04.18 10:45:03 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.16 20:21:42 | 000,240,659 | ---- | M] () -- C:\test.xml
[2011.04.16 11:44:59 | 000,322,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.16 01:00:32 | 001,577,472 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.16 01:00:32 | 000,692,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.16 01:00:32 | 000,648,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.16 01:00:32 | 000,145,708 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.16 01:00:32 | 000,119,246 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.16 01:00:15 | 001,577,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.07 23:00:42 | 000,033,810 | -HS- | M] () -- C:\Users\Alex\Desktop\Folder.jpg
[2011.04.07 23:00:42 | 000,006,432 | -HS- | M] () -- C:\Users\Alex\Desktop\AlbumArtSmall.jpg
[2011.04.07 20:16:07 | 000,001,243 | -H-- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.07 20:15:36 | 000,001,402 | -H-- | M] () -- C:\Users\Alex\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.07 20:14:47 | 022,229,776 | -H-- | M] (DVDVideoSoft Limited.                                      ) -- C:\Users\Alex\Desktop\FreeYouTubeToMp3Converter.exe
[2011.03.27 20:27:08 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.27 00:23:56 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.19 21:15:33 | 000,018,958 | -H-- | C] () -- C:\Users\Alex\Desktop\41759176_ronaldinho_al300.jpg
[2011.04.19 21:12:08 | 000,487,424 | -H-- | C] () -- C:\ProgramData\44490504.exe
[2011.04.18 10:46:45 | 000,000,120 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
[2011.04.18 10:46:45 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Upuhep.bin
[2011.04.13 19:26:01 | 000,002,485 | -H-- | C] () -- C:\Users\Alex\Desktop\AlexanderSpitzer.cs
[2011.04.07 23:00:42 | 000,033,810 | -HS- | C] () -- C:\Users\Alex\Desktop\Folder.jpg
[2011.04.07 23:00:42 | 000,006,432 | -HS- | C] () -- C:\Users\Alex\Desktop\AlbumArtSmall.jpg
[2011.04.07 20:15:54 | 000,001,243 | -H-- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.27 00:23:56 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.13 13:58:25 | 000,233,541 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.02.01 21:07:24 | 001,577,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.12 18:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.12 18:30:22 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.12 18:30:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.12 18:30:21 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.12 18:30:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.12 18:30:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.12 18:30:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.12 18:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.03.18 15:54:38 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Auslogics
[2011.01.25 18:24:29 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.26 17:13:01 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\FreeOrion
[2011.04.19 19:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.04.19 19:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2011.02.01 21:08:34 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TP
[2011.03.22 20:23:00 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---




















OTL Logfile:
Code:
OTL Extras logfile created on: 19.04.2011 21:39:12 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Alex
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,93 Gb Total Space | 409,04 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-VAIO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{E0156F98-8990-09B0-FCEC-1914C3281283}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01BA7349-0270-8D01-279E-0960D158B9B0}" = Catalyst Control Center Graphics Full Existing
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09BF3083-B76F-B5A0-2446-CDCA707F5918}" = CCC Help Russian
"{0D0F662B-EBEA-4075-819E-74798AD42CDE}" = VAIO Care
"{0F73537E-25F5-81B7-7CD8-517083B1F48D}" = CCC Help Chinese Traditional
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16E107BF-24A3-28A5-91C9-556A0AA4875D}" = CCC Help Italian
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2105804E-14A1-1B5C-DF13-FB04C4059972}" = CCC Help Thai
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23CFDAC8-5CCE-1A02-581A-753B0A6BEEE1}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{275EA703-F9BD-0F41-F004-DB89011ED5A7}" = CCC Help Dutch
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B72AF5B-EC2D-25BD-2A38-5F3C0A727DA8}" = CCC Help Greek
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3B887224-2336-0699-917A-B38B5B99A254}" = CCC Help French
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4F527211-4FDF-76EA-61A5-91EE3161980B}" = Catalyst Control Center Core Implementation
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D279843-4635-85CA-9201-3BD9E179E749}" = CCC Help Chinese Standard
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{6B4E92B0-6691-E4A1-A86B-6600BD6972D4}" = CCC Help Turkish
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{74B81E20-730A-F440-FB01-C7B3716CB80A}" = Catalyst Control Center Graphics Previews Common
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77F38281-1BAC-80B3-D99E-AE11CE3A0924}" = Catalyst Control Center Graphics Full New
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D793D3E-C37E-4C1D-4ACF-D05878F5D480}" = CCC Help Japanese
"{7FC454AE-6857-215B-33FF-D50835C32EF9}" = CCC Help Danish
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F2DAC3B-E040-1B90-D882-EEF8033AA0A5}" = Catalyst Control Center Graphics Previews Vista
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{919FBC0E-93A3-445A-2055-BCB23AED1641}" = Catalyst Control Center Localization All
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B19E486A-59E8-5585-CB2F-4DCB1B230368}" = CCC Help Czech
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{B945DDC0-3213-4850-8B20-F2DA67FDFE9E}" = CCC Help Norwegian
"{BA1CA03B-8F13-12C6-BCE6-46C422B357AE}" = CCC Help German
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBF0B71F-F8F3-70FD-B558-7835894F40A5}" = CCC Help Portuguese
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4CE65B8-23C1-A51B-6739-AE6686DD6C6D}" = CCC Help Korean
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7F08B1C-A956-3A0A-E891-83173A2F73BA}" = Catalyst Control Center Graphics Light
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{D9D30D77-E0E2-6B2F-3C7B-0D8C9A82C8DB}" = CCC Help English
"{DBE88A57-BD7B-E315-C07D-D203E514BB58}" = CCC Help Finnish
"{DD256151-9EAC-9D83-8D60-A475F092CF03}" = CCC Help Hungarian
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F572C0E3-90D1-CC46-C163-4C4E50D3C220}" = ccc-core-static
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F93A233E-59A6-CBD2-68D3-4446D710EDA5}" = CCC Help Polish
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB33CE0D-D26D-86C3-9BD5-F58631EAE3C2}" = CCC Help Swedish
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"MSC" = McAfee Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RiseOfNations Trial 1.0" = Microsoft Rise Of Nations Trial
"splashtop" = VAIO Quick Web Access
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2011 18:07:10 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1984  Startzeit der fehlerhaften Anwendung: 0x01cbf16c6db3be0b
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 8da4361a-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:07:27 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1e94  Startzeit der fehlerhaften Anwendung: 0x01cbf18253c3f40e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 9807f86c-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:08:10 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x414  Startzeit der fehlerhaften Anwendung: 0x01cbf1826ee4a01e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 b1df7dda-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:08:27 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1e00  Startzeit der fehlerhaften Anwendung: 0x01cbf182793ca274
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 bbfcc044-5d75-11e0-a07a-889ffaddd900
 
Error - 13.04.2011 14:18:17 | Computer Name = Alex-VAIO | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 13.04.2011 14:18:17 | Computer Name = Alex-VAIO | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 13.04.2011 19:30:18 | Computer Name = Alex-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.04.2011 12:13:18 | Computer Name = Alex-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Die Serververbindung wurde aufgrund eines
 Fehlers beendet.  ErrorCode: 14007(0x36b7).
 
Error - 14.04.2011 19:30:28 | Computer Name = Alex-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Die Serververbindung wurde aufgrund eines
 Fehlers beendet.  ErrorCode: 14007(0x36b7).
 
Error - 16.04.2011 18:37:40 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20,
 Zeitstempel: 0x4cdc8b7a  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0,
 Zeitstempel: 0x49a6280b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e1b16  ID des fehlerhaften
 Prozesses: 0x644  Startzeit der fehlerhaften Anwendung: 0x01cbfc86d8a71e66  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus
Player.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX
 Shared\Qt4.5\QtCore4.dll  Berichtskennung: 22602804-687a-11e0-85f9-889ffaddd900
 
[ Media Center Events ]
Error - 14.01.2011 10:15:01 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 15:15:01 - Fehler beim Herstellen der Internetverbindung.  15:15:01
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 14.01.2011 12:56:43 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 17:56:43 - Fehler beim Herstellen der Internetverbindung.  17:56:43
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 14.01.2011 16:54:04 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 21:54:04 - Fehler beim Herstellen der Internetverbindung.  21:54:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 14.01.2011 17:54:09 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 22:54:09 - Fehler beim Herstellen der Internetverbindung.  22:54:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 15.01.2011 18:54:20 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 23:54:20 - Fehler beim Herstellen der Internetverbindung.  23:54:20
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.01.2011 15:22:46 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 20:22:46 - Fehler beim Herstellen der Internetverbindung.  20:22:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.01.2011 12:32:32 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 17:32:32 - Fehler beim Herstellen der Internetverbindung.  17:32:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 23.01.2011 13:13:15 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 18:13:15 - Fehler beim Herstellen der Internetverbindung.  18:13:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "HPSLPSVC" konnte sich nicht als "NT AUTHORITY\SYSTEM"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1069
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1069
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1115
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1115
 
Error - 06.04.2011 13:15:36 | Computer Name = Alex-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?04.?2011 um 18:13:11 unerwartet heruntergefahren.
 
Error - 08.04.2011 19:24:20 | Computer Name = Alex-VAIO | Source = DCOM | ID = 10010
Description =
 
Error - 16.04.2011 15:24:01 | Computer Name = Alex-VAIO | Source = DCOM | ID = 10016
Description =
 
Error - 18.04.2011 04:49:12 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
 
< End of report >
--- --- ---

markusg 20.04.2011 10:56
sehe es mir an.

markusg 20.04.2011 11:10
• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Tjezesecoqafarip] C:\Users\Alex\AppData\Local\psdrpami.dll (FileZilla Project)
O4 - HKCU..\Run: [Stisaq] C:\Users\Alex\AppData\Local\iduqadun.dll (Dritek System Inc.)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
:Files
C:\ProgramData\PFmPbJoHGuT.exe
C:\Users\Alex\AppData\Local\psdrpami.dll
C:\Users\Alex\AppData\Local\iduqadun.dll
C:\ProgramData\44490504.exe
C:\Users\Alex\AppData\Local\Upuhep.bin
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne D: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
das archiv nach anleitung hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html

kira 20.04.2011 11:22
Von mir gelöscht, Thema wurde schon beantwortet!
Cf

nasänder 20.04.2011 12:55
hier das OTL Textdokument:







All processes killed
========== OTL ==========
No active process named PFmPbJoHGuT.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tjezesecoqafarip deleted successfully.
C:\Users\Alex\AppData\Local\psdrpami.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Stisaq deleted successfully.
C:\Users\Alex\AppData\Local\iduqadun.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PFmPbJoHGuT deleted successfully.
C:\ProgramData\PFmPbJoHGuT.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\PFmPbJoHGuT.exe not found.
File\Folder C:\Users\Alex\AppData\Local\psdrpami.dll not found.
File\Folder C:\Users\Alex\AppData\Local\iduqadun.dll not found.
C:\ProgramData\44490504.exe moved successfully.
C:\Users\Alex\AppData\Local\Upuhep.bin moved successfully.
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alex
->Flash cache emptied: 98929 bytes

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Alex
->Temp folder emptied: 166922125 bytes
->Temporary Internet Files folder emptied: 493167394 bytes
->Java cache emptied: 204223 bytes
->Google Chrome cache emptied: 6810778 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20165964 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50367 bytes
RecycleBin emptied: 2351391081 bytes

Total Files Cleaned = 2.898,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_124007

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\9867.tmp moved successfully.
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF0093C0E60617FB89.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF19B19922E248D13C.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF916318E84A73EA5F.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DFA8D667FF49E9CB98.TMP not found!

Registry entries deleted on Reboot...

















movedfiles.rar hab ich hochgeladen.

markusg 20.04.2011 13:20
gut.
weiter gehts.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

nasänder 20.04.2011 23:16
Hier das Malwarebytes Log:




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6406

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.04.2011 23:11:46
mbam-log-2011-04-20 (23-11-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Durchsuchte Objekte: 314434
Laufzeit: 1 Stunde(n), 21 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tjezesecoqafarip (Trojan.Agent.U) -> Value: Tjezesecoqafarip -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Stisaq (Trojan.Agent.U) -> Value: Stisaq -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\AppData\Roaming\Adobe\plugs\kb3127383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04202011_124007\c_programdata\pfmpbjohgut.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04202011_124007\C_Users\Alex\AppData\Local\psdrpami.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

markusg 21.04.2011 10:43
lade unhide.exe und führe es aus.
http://filepony.de/download-unhide/
dateien sollten nun alle sichtbar sein

nasänder 21.04.2011 13:07
Jawohl, alle Dateien sind sichtbar. Also waren sie davor auch schon, nur irgendwie durchsichtig :crazy:. Muss ich jetzt noch irgendwas machen?

nasänder 28.04.2011 23:14
Heute wurde auch noch der TR/Crypt.ZPACK.Gen von Antivir gefunden :(
Hast du auch hier eine Lösung für mich ??

markusg 29.04.2011 08:48
wo wurde was gefunden avira fundmeldung bitte posten

nasänder 29.04.2011 09:04
ANTIVIR
Objekt: iduqadun.dll Fund: TR/Podjot.A.290
O: 44490504.exe Fund: TR/Kazy.Mekml.1
O: tr700lqqcore.exe Fund: TR/Crypt.ZPACK.Gen



Hier ein Maylwarebytes Log mit 23 infizierten Datein:




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6467

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.04.2011 09:56:04
mbam-log-2011-04-29 (09-55-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Durchsuchte Objekte: 307037
Laufzeit: 1 Stunde(n), 22 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\AppData\Local\Temp\1DFC.tmp (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\err.log1254794 (Trojan.FakeAlert) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1004886192.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1122081132.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1233519552.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup150378780.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2165287600.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2232913464.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2241101932.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2304534592.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2581008892.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2691066304.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2794568888.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3034211968.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3669343784.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3690624704.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3744183448.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3876947264.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup4028006300.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup4293272288.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup524091072.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup830991952.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup842726888.exe (Heuristics.Shuriken) -> No action taken.

nasänder 29.04.2011 09:23
jetzt, da ich die Funde von MB entfernt habe und keine Alarmierungen mehr auftauchen, habe ich den starken Verdacht das lag an dem TrojanFakeAlert:stirn:
Aber trotzdem vielen vielen Dank für die Hilfe va. bei meinem Problem mit dem TR/Kazy :party:

markusg 29.04.2011 10:06
machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc?

nasänder 29.04.2011 12:58
Nein, nichts übermäßig wichtiges, aber sollte ich mir Sorgen machen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131