| |
| |||||||
Log-Analyse und Auswertung: Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.01.2012, 22:31
| #1 |
| |  Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Hallo, jetzt hat's mich auch erwischt. Ich surfe heute abend im Internet und clicke auf einen Link, dann ein Bildschirm mit Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert. Durch das Besuchen von Seiten mit infizierten und pornografischen Inhalten ist das Computersystem an eine kritische Grenze angekommen....usw. und ein Feld "Bezahlen und runterladen" Ich habe den Rechner mit Ctrl-Alt-Del runtergefahren (was anderes ging nicht, sehe ja nichts). Beim Neustart als gleicher User war der schwarze Bildschirm mit der Warnung und der "Bezahlen"-Aufforderung nach ca. 1-2sec Pause wieder da. Ich habe da natürlich nicht draufgeklickt. Dann habe ich mich als Admin angemeldet und konnte dann ins Netz und euren Anweisungen folgen. Bitte, bitte helft mir möglichst bald. Ohne Rechner bin ich aufgeschmissen  habe Defogger ausgeführt und OTL.exe (hier habe ich noch scanne alle user angekreuzt, da ich ja Admin bin und der Bildschirm bei anderem "normalem" user auftrat) hier OTL.txt : OTL logfile created on: 10.01.2012 21:57:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,89% Memory free 7,98 Gb Paging File | 5,85 Gb Available in Paging File | 73,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 28,60 Gb Free Space | 48,04% Space Free | Partition Type: NTFS Drive D: | 833,85 Gb Total Space | 564,05 Gb Free Space | 67,64% Space Free | Partition Type: NTFS Drive F: | 9,77 Gb Total Space | 4,22 Gb Free Space | 43,18% Space Free | Partition Type: NTFS Drive G: | 218,74 Mb Total Space | 218,71 Mb Free Space | 99,99% Space Free | Partition Type: FAT32 Drive H: | 48,98 Gb Total Space | 46,06 Gb Free Space | 94,03% Space Free | Partition Type: NTFS Drive I: | 20,21 Gb Total Space | 5,08 Gb Free Space | 25,14% Space Free | Partition Type: NTFS Drive J: | 20,28 Gb Total Space | 3,70 Gb Free Space | 18,26% Space Free | Partition Type: FAT32 Drive K: | 30,20 Gb Total Space | 29,60 Gb Free Space | 98,00% Space Free | Partition Type: NTFS Drive L: | 11,74 Gb Total Space | 11,40 Gb Free Space | 97,10% Space Free | Partition Type: NTFS Drive M: | 1003,77 Mb Total Space | 942,19 Mb Free Space | 93,87% Space Free | Partition Type: FAT Drive N: | 1,27 Gb Total Space | 0,88 Gb Free Space | 69,71% Space Free | Partition Type: FAT32 Drive S: | 1,87 Gb Total Space | 0,40 Gb Free Space | 21,65% Space Free | Partition Type: FAT Drive Z: | 97,66 Gb Total Space | 90,64 Gb Free Space | 92,81% Space Free | Partition Type: NTFS Computer Name: GIANT | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.10 21:11:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- D:\Apps\Convert Tools\PDF24\pdf24.exe PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.12.12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Desor\AppData\Local\Akamai\netsession_win.exe PRC - [2011.12.12 20:57:51 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe PRC - [2011.08.30 17:42:15 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.08.07 13:06:34 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- D:\Apps\Ipod Tools\iPhone Explorer2\Software4u.IPELauncher.exe PRC - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- D:\Apps\Homenet\TightVNC2.0.4\tvnserver.exe PRC - [2011.06.29 12:35:33 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Apps\SecurityTools\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.03 10:15:13 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.05.24 22:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.05.24 22:17:06 | 005,587,608 | ---- | M] (Acronis) -- D:\Apps\BackupTools\True Image Home 2011\TrueImageMonitor.exe PRC - [2011.05.10 17:57:28 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2011.04.28 17:54:48 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Apps\SecurityTools\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- D:\Apps\MediaTools\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Apps\MediaTools\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.02.25 07:19:30 | 000,107,520 | ---- | M] (Xiph.Org) -- C:\Users\Desor\AppData\Roaming\Microsoft\dllhsts.exe PRC - [2010.11.03 18:25:19 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Apps\SecurityTools\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.06.28 22:39:02 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Apps\MediaTools\MP3Tools\Winamp558\winampa.exe PRC - [2010.06.25 06:21:46 | 003,768,832 | ---- | M] (H.D.S. Hungary) -- D:\Apps\HardwareTools\Hard Disk Sentinel\HDSentinel.exe PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.08.21 08:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2009.08.14 15:51:52 | 001,708,032 | ---- | M] (D-Link Corp.) -- D:\Apps\HardwareTools\D-Link\DWL-G122_DWA-110\AirGCFG.exe PRC - [2009.07.07 19:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe PRC - [2009.06.17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualTools\VirtualCloneDrive\VCDDaemon.exe PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.02.23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Apps\VirtualTools\MagicDisc\MagicDisc.exe PRC - [2008.10.28 13:01:02 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- D:\Apps\VideoTools\Total Media\TMMonitor.exe PRC - [2008.08.28 10:35:04 | 003,180,544 | ---- | M] () -- C:\Program Files (x86)\Hama\USB Multifunction Server\Control Center.exe PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7311\Monitor.exe PRC - [2004.06.03 16:30:34 | 000,631,808 | ---- | M] (Rob Decker) -- D:\Apps\BackupTools\EZBackitup\EZBkuptray.exe PRC - [2003.03.02 11:02:02 | 000,446,464 | ---- | M] ( ) -- D:\Apps\MenuTools\PowerPro\powerpro.exe PRC - [2001.02.19 16:51:32 | 000,192,512 | ---- | M] (Ziff-Davis Media, Inc.) -- D:\Apps\InterfaceTools\NetPerSec\NetPerSec.exe ========== Modules (No Company Name) ========== MOD - [2011.12.12 20:57:51 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe MOD - [2011.09.10 10:01:26 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll MOD - [2011.09.10 10:01:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll MOD - [2011.09.10 10:01:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll MOD - [2011.09.10 10:00:59 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll MOD - [2011.09.10 10:00:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll MOD - [2011.08.30 17:42:15 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011.08.07 13:06:32 | 000,211,968 | ---- | M] () -- D:\Apps\Ipod Tools\iPhone Explorer2\Software4u.IPhoneLib.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.24 22:16:26 | 011,204,288 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009.07.07 17:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll MOD - [2009.06.01 13:23:24 | 000,315,392 | ---- | M] () -- D:\Apps\HardwareTools\D-Link\DWL-G122_DWA-110\ANIOApi.dll MOD - [2009.06.01 13:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll MOD - [2008.11.26 15:59:32 | 000,131,584 | ---- | M] () -- D:\Apps\VideoTools\Total Media\AbilisWinUsb.dll MOD - [2008.10.22 15:01:00 | 000,200,704 | ---- | M] () -- D:\Apps\VideoTools\Total Media\VendorCmdRW.dll MOD - [2008.08.28 10:35:04 | 003,180,544 | ---- | M] () -- C:\Program Files (x86)\Hama\USB Multifunction Server\Control Center.exe MOD - [2007.04.19 08:33:00 | 000,035,584 | ---- | M] () -- D:\Apps\VideoTools\Total Media\uPiApi.dll MOD - [2003.03.02 11:02:02 | 000,071,680 | ---- | M] () -- D:\Apps\MenuTools\PowerPro\PPro.Dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.05.27 17:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.12.13 22:27:47 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai) SRV - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- D:\Apps\Homenet\TightVNC2.0.4\tvnserver.exe -- (tvnserver) SRV - [2011.06.29 12:35:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Apps\SecurityTools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.03 10:15:13 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.05.24 22:19:48 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.04.28 17:54:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Apps\SecurityTools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Apps\MediaTools\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.02.27 18:26:00 | 004,010,312 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- D:\Apps\Homenet\Samsung_PC_Share_Manager\WiselinkPro.exe -- (AllShare) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.07.07 19:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.10 18:24:46 | 000,005,632 | ---- | M] (Logix4u) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hwinterfacex64.sys -- (hwinterfacex64) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.19 17:44:28 | 000,395,520 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF9035BDA.sys -- (AF9035BDA) DRV:64bit: - [2011.06.29 12:35:33 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 12:35:33 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.03 10:15:14 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011.06.03 10:15:08 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2011.06.03 10:15:06 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.06.03 10:15:04 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.13 13:33:42 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2010.07.13 13:33:36 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2010.07.13 13:33:36 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.06.25 14:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.05.27 18:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 17:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.07 14:53:24 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl) DRV:64bit: - [2009.12.22 02:01:24 | 000,215,040 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA) DRV:64bit: - [2009.12.22 02:01:06 | 000,007,552 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA) DRV:64bit: - [2009.12.22 02:00:58 | 000,007,040 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA) DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.09.16 23:03:24 | 000,034,304 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio) DRV:64bit: - [2009.09.02 09:45:38 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6) DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 04:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2009.01.16 10:49:40 | 000,645,152 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ttBudget2_amd64.sys -- (ttBudget2_NTAMD64) TechnoTrend BDA/DVB (BDA) DRV:64bit: - [2006.11.08 08:59:36 | 000,602,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PA707UCM.SYS -- (PAC7311) DRV - [2010.09.03 10:01:14 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS -- (FNETDEVI) DRV - [2010.07.09 11:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\Apps\SystemTools\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2004.12.30 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [1999.08.26 09:02:00 | 000,216,304 | ---- | M] (Adaptec) [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\udfreadr.sys -- (UdfReadr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 3E F2 9E 2A 29 CC 01 [binary data] IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Apps\MediaTools\PDF XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Apps\MediaTools\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Apps\MediaTools\PDF XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Apps\Internet\FireFox\components [2012.01.08 13:52:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Apps\Internet\FireFox\plugins [2011.11.10 07:42:40 | 000,000,000 | ---D | M] [2010.08.22 17:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2011.12.16 13:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xdj3vqj5.default\extensions ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] D:\Apps\SecurityTools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\Hama\USB Multifunction Server\Control Center.exe () O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] D:\Apps\HardwareTools\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] D:\Apps\Convert Tools\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Apps\BackupTools\True Image Home 2011\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [tvncontrol] D:\Apps\Homenet\TightVNC2.0.4\tvnserver.exe (GlavSoft LLC.) O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualTools\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [WinampAgent] D:\Apps\MediaTools\MP3Tools\Winamp558\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [WZCSLDR2] D:\Apps\HardwareTools\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [{B36A51B7-968E-11DF-96FE-806E6F6E6963}] C:\Users\Desor\AppData\Roaming\Microsoft\dllhsts.exe (Xiph.Org) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [Akamai NetSession Interface] C:\Users\Desor\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [EZBack-it-up Tray Scheduler] D:\Apps\BackupTools\EZBackitup\EZBkuptray.exe (Rob Decker) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [TomTomHOME.exe] D:\Apps\MediaTools\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [iPhone Explorer Launcher] D:\Apps\Ipod Tools\iPhone Explorer2\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [TomTomHOME.exe] D:\Apps\MediaTools\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500..\Run: [TVPlanet] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = D:\Apps\VirtualTools\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powerpro - Verknüpfung.lnk = D:\Apps\MenuTools\PowerPro\powerpro.exe ( ) O4 - Startup: C:\Users\Desor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDSentinel.exe - Verknüpfung.lnk = D:\Apps\HardwareTools\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary) O4 - Startup: C:\Users\Desor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.exe - Verknüpfung.lnk = D:\Apps\InterfaceTools\NetPerSec\NetPerSec.exe (Ziff-Davis Media, Inc.) O4 - Startup: C:\Users\Desor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powerpro.exe - Verknüpfung.lnk = D:\Apps\MenuTools\PowerPro\powerpro.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33882BBB-80AA-4275-AE15-1254C291B35C}: NameServer = 192.168.0.99,208.67.222.220,62.109.123.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E4978F5-780A-47BA-B669-79DF30BEB909}: NameServer = 192.168.0.99,194.25.2.129,62.225.253.9 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9637B8B-88DB-452B-9D0C-86C714A7C73E}: NameServer = 192.168.0.99 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.12.11 16:47:51 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.09.01 18:08:46 | 000,000,359 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT ] O32 - AutoRun File - [2004.11.30 22:49:42 | 000,000,157 | ---- | M] () - N:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.10 21:55:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.01.10 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012.01.10 21:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.10 21:01:23 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.10 21:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.10 21:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.10 20:39:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira [2012.01.02 23:07:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ArcSoft [2012.01.01 16:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack [2012.01.01 16:24:39 | 000,046,112 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys [2012.01.01 16:23:29 | 000,037,480 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys [2012.01.01 16:04:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.01.01 15:08:08 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll [2011.12.16 13:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2011.12.16 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2011.12.16 13:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2011.12.16 13:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2011.12.16 13:14:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\pdfforge [2011.12.16 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.12.12 23:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2011.12.12 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Vindictus EU [2011.12.12 23:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2011.12.12 23:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1 [2011.12.12 23:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2011.12.12 20:57:10 | 000,000,000 | ---D | C] -- C:\Nexon [2011.12.12 20:57:09 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2011.12.12 11:47:16 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2011.12.12 11:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.10 21:53:58 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable [2012.01.10 21:51:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.10 21:51:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.10 21:50:59 | 001,644,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.10 21:50:59 | 000,707,908 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.10 21:50:59 | 000,661,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.10 21:50:59 | 000,153,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.10 21:50:59 | 000,125,590 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.10 21:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.10 21:44:20 | 3214,184,448 | -HS- | M] () -- C:\hiberfil.sys [2012.01.10 21:11:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.01.10 18:24:46 | 000,005,632 | ---- | M] (Logix4u) -- C:\Windows\SysNative\drivers\hwinterfacex64.sys [2012.01.08 11:17:01 | 000,001,304 | ---- | M] () -- C:\Users\Administrator\Desktop\AVS4YOU Software Navigator.lnk [2012.01.01 16:47:21 | 000,277,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.01 15:57:07 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk [2011.12.16 14:17:23 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Banking.lnk [2011.12.16 13:31:37 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.12.12 23:03:41 | 000,000,183 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus EU.url [2011.12.12 20:57:10 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2011.12.12 20:57:09 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.10 21:53:58 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable [2012.01.01 15:57:07 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk [2011.12.16 13:31:37 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.12.16 13:14:39 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2011.12.12 23:03:41 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus EU.url [2011.12.12 20:57:10 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2011.08.31 07:09:44 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat [2011.08.26 19:36:57 | 001,607,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.26 18:14:55 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat [2011.06.22 13:59:48 | 002,093,106 | ---- | C] () -- C:\Windows\select.exe [2011.06.22 13:59:48 | 000,127,038 | ---- | C] () -- C:\Windows\Clement.exe [2011.06.22 13:59:48 | 000,036,864 | ---- | C] () -- C:\Windows\JPGL.DLL [2011.06.22 13:59:48 | 000,036,864 | ---- | C] () -- C:\Windows\CleanDev.exe [2011.06.22 13:59:48 | 000,032,768 | ---- | C] () -- C:\Windows\DIV_IYUV.DLL [2011.06.22 13:59:48 | 000,000,321 | ---- | C] () -- C:\Windows\DC2110a.ini [2011.06.12 19:21:34 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.02.18 19:01:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\myAVR_WorkpadPLUS_Demo.cfg [2010.09.14 17:46:37 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll [2010.09.08 17:28:47 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2010.09.08 17:28:47 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2010.09.03 15:26:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2010.08.22 17:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2010.08.22 17:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.14 11:44:18 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll [2010.07.28 17:22:36 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe [2010.07.28 17:22:27 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll [2010.07.28 17:22:27 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll [2010.07.28 17:22:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll [2010.07.28 17:22:27 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll [2010.07.28 17:22:16 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll [2010.07.28 17:22:04 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll [2010.07.28 17:22:04 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe [2010.07.28 17:22:04 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe [2010.07.28 17:20:27 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\rt73.bin [2010.07.24 16:03:51 | 000,000,590 | ---- | C] () -- C:\Windows\videoimp.ini [2010.07.24 16:03:49 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2010.07.24 16:03:43 | 000,000,021 | ---- | C] () -- C:\Windows\VI_setup.ini [2010.07.24 13:50:10 | 000,002,430 | ---- | C] () -- C:\Windows\unvpeye.ini [2010.07.24 13:01:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.16 11:07:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.07.16 10:50:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.07.16 10:50:22 | 000,028,331 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.04.29 16:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2006.10.27 12:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2002.05.28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll [2001.06.24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll ========== LOP Check ========== [2010.10.30 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis [2011.10.04 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CadSoft [2010.09.03 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CocoonSoftware [2011.07.26 18:14:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DonationCoder [2011.06.03 10:15:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EDF76FB5-8129-4832-848A-728B777DC9B9 [2011.02.12 18:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo [2011.08.07 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gmpc [2011.01.05 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mirkes.de [2011.12.16 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\pdfforge [2011.06.12 19:21:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Shark007 [2011.08.09 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Software4u [2010.08.20 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\T-Online [2010.08.22 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wireshark [2011.10.04 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\CadSoft [2011.12.16 14:00:27 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\calibre [2010.09.04 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\CocoonSoftware [2011.04.07 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\FileZilla [2011.12.14 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\FreeFileSync [2010.10.30 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\GeoVid [2011.01.08 10:53:48 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\GlcdFontCreator [2011.08.08 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\gmpc [2011.08.12 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\gtk-2.0 [2011.04.19 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\IcoFX [2010.07.31 09:30:49 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\ImgBurn [2011.01.05 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\mirkes.de [2010.12.19 18:49:05 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\MP3 Joiner Splitter [2011.06.17 18:00:24 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\MP3 Splitter [2011.12.20 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\Mp3tag [2010.09.08 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\NCH Swift Sound [2011.08.09 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\Software4u [2011.08.06 17:55:35 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\SqueezePlay [2010.09.07 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\streamripper [2010.08.01 09:13:25 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\T-Online [2011.08.07 09:09:51 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\TagScanner [2011.09.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\TightVNC [2011.09.26 09:18:25 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\TomTom [2011.02.12 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\WindSolutions [2011.08.09 21:38:07 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\Wireshark [2011.02.09 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\Desor\AppData\Roaming\Ximagic [2010.10.30 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sensei\AppData\Roaming\Acronis [2011.06.15 14:36:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.17 17:34:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.07.16 11:04:59 | 000,000,000 | ---D | M] -- C:\ATI [2010.07.23 19:48:47 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.16 10:41:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.16 10:50:58 | 000,000,000 | ---D | M] -- C:\Intel [2011.12.12 20:57:10 | 000,000,000 | ---D | M] -- C:\Nexon [2011.06.14 19:30:55 | 000,000,000 | ---D | M] -- C:\NST [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.10 07:41:19 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.10 21:01:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.01.10 21:01:23 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.16 10:41:54 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.16 10:54:07 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.07.16 10:41:54 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.06.15 00:23:24 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.01.10 21:58:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.17 17:34:35 | 000,000,000 | R--D | M] -- C:\Users [2011.12.14 20:59:22 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:39413AC3 < End of report > und hier Extra.txt : OTL Extras logfile created on: 10.01.2012 21:57:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,89% Memory free 7,98 Gb Paging File | 5,85 Gb Available in Paging File | 73,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 28,60 Gb Free Space | 48,04% Space Free | Partition Type: NTFS Drive D: | 833,85 Gb Total Space | 564,05 Gb Free Space | 67,64% Space Free | Partition Type: NTFS Drive F: | 9,77 Gb Total Space | 4,22 Gb Free Space | 43,18% Space Free | Partition Type: NTFS Drive G: | 218,74 Mb Total Space | 218,71 Mb Free Space | 99,99% Space Free | Partition Type: FAT32 Drive H: | 48,98 Gb Total Space | 46,06 Gb Free Space | 94,03% Space Free | Partition Type: NTFS Drive I: | 20,21 Gb Total Space | 5,08 Gb Free Space | 25,14% Space Free | Partition Type: NTFS Drive J: | 20,28 Gb Total Space | 3,70 Gb Free Space | 18,26% Space Free | Partition Type: FAT32 Drive K: | 30,20 Gb Total Space | 29,60 Gb Free Space | 98,00% Space Free | Partition Type: NTFS Drive L: | 11,74 Gb Total Space | 11,40 Gb Free Space | 97,10% Space Free | Partition Type: NTFS Drive M: | 1003,77 Mb Total Space | 942,19 Mb Free Space | 93,87% Space Free | Partition Type: FAT Drive N: | 1,27 Gb Total Space | 0,88 Gb Free Space | 69,71% Space Free | Partition Type: FAT32 Drive S: | 1,87 Gb Total Space | 0,40 Gb Free Space | 21,65% Space Free | Partition Type: FAT Drive Z: | 97,66 Gb Total Space | 90,64 Gb Free Space | 92,81% Space Free | Partition Type: NTFS Computer Name: GIANT | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2230905493-2917029861-2900934860-1000\SOFTWARE\Classes\<extension>] .html [@ = Notepad++_file] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Apps\Internet\FireFox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Apps\MediaTools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Apps\MediaTools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Apps\MediaTools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Apps\MediaTools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Apps\MediaTools\MP3Tools\Winamp558\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{30C92F6B-0104-44EA-901B-0CD7C9D51A1F}" = PDF-XChange Viewer "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager "{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{AB048BF4-6AD7-450B-9538-0DF2C9229840}" = Oracle VM VirtualBox 3.2.6 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer "{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64 "{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "FileMenu Tools_is1" = FileMenu Tools "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "ProgDVB" = ProgDVB "TeamSpeak 3 Client" = TeamSpeak 3 Client "x64 Components_is1" = x64 Components v2.9.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking "{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener "{0355F566-7DD0-42E7-A409-CE8EED1DC8BE}_is1" = RFM02_Eva V1.0.4 "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1" = SqueezePlay 7.5.0 "{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools "{1104E2E0-9378-455d-9E0E-6235A4E52DB0}_is1" = ArchLord "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4 "{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools "{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}" = Microsoft Visual Web Developer 2010 Express - DEU "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{78CE3033-D786-4F5A-8975-115B49CE1AD8}" = Tunebite USB "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2 "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension "{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1" = TCPEye 1.0 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista "{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1" = mirkes.de Tiny Hexer "{CFB75739-90E3-4D26-83B5-25CA8262A991}" = USB Video/Audio Device Driver "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1D2EDA6-949E-4D96-A174-E67E2AA6200F}" = Hama USB Multifunction Server "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4 "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ED10343F-D30A-4200-9B00-665FC45F52B4}" = ArcSoft VideoImpression 1.6 "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039 "Adaptec DirectCD Reader" = Adaptec DirectCD Reader "Adsen Image Grab_is1" = Adsen Image Grab "Akamai" = Akamai NetSession Interface Service "Album Art Downloader XUI" = Album Art Downloader XUI 0.41 "Areca" = Areca "ARGO" = ARGO Online "aTube Catcher" = aTube Catcher "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "AVS Media Player_is1" = AVS Media Player 4.1.2.65 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor 4_is1" = AVS Video Editor 4 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "BandiMPEG1" = Bandisoft MPEG-1 Decoder "CamStudio" = CamStudio "ChickVideoConverter_is1" = Chick Video Converter "DiffDaff_is1" = DiffDaff Version 1.0 "DVD Flick_is1" = DVD Flick 1.3.0.7 "EAGLE 5.11.0" = EAGLE 5.11.0 "EasyBCD" = EasyBCD 2.0 "F87A61F2-76B1-4D8B-BBE5-C23086BF8E95_is1" = MP3 Splitter 5.2.1 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "FEMM_is1" = femm 4.2 01Oct2011 "FileZilla Client" = FileZilla Client 3.4.0 "flip.exe" = Flip 3.4.2 "FormatFactory" = FormatFactory 2.60 "Free Online TV Player_is1" = Free Online TV Player "FreeFileSync" = FreeFileSync v4.4 "Game Cam" = Game Cam 2.54.0.47 "gmpc" = Gnome Music Player Client "Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO "IcoFX_is1" = IcoFX 1.6.4 "ImgBurn" = ImgBurn "InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "IPCam Admin Utility_is1" = IPCam Admin v3.0.17 "IPCam Surveillance Software_is1" = IPCam Surveillance Software 3.0.2.5 "Kernel EML Viewer_is1" = Kernel EML Viewer ver 10.09.01 "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "MD Adressbuch 2011_is1" = MD Adressbuch 2011 "MEDUSA4_PERSONAL_V5_0_1" = MEDUSA4 PERSONAL V5.0.1 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU "Microsoft Visual Web Developer 2010 Express - DEU" = Microsoft Visual Web Developer 2010 Express - DEU "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Notepad++" = Notepad++ "PC Wizard 2010_is1" = PC Wizard 2010.1.96 "PolyRaster" = PolyRaster "Streamripper" = Streamripper (Remove only) "Syntext Serna Free 4.3.0_is1" = Syntext Serna Free 4.3.0 "TagScanner_is1" = TagScanner 5.1.598 "TightVNC" = TightVNC 2.0.4 "TomTom HOME" = TomTom HOME 2.8.2.2264 "TUGZip_is1" = TUGZip 3.5 "URLSnooper 2_is1" = URL Snooper v2.29.01 "Vindictus EU" = Vindictus EU "VirtualCloneDrive" = VirtualCloneDrive "VirtualDub Filter Pack_is1" = VirtualDub Filter Pack 1.1 "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "Winamp" = Winamp "WinAVI Video Capture_is1" = WinAVI Video Capture 2.0 "WinAVR-20100110" = WinAVR 20100110 (remove only) "WinPcapInst" = WinPcap 4.1.2 "winscp3_is1" = WinSCP 4.2.8 "Wireshark" = Wireshark 1.2.10 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2230905493-2917029861-2900934860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "GoldenVideos" = Golden Videos "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2230905493-2917029861-2900934860-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-AionPTS" = AionPTS "QUICKMEDIACONVERTER" = QMC "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > gmer habe ich wegen win7-64bit weggelassen. Bevor ich Defogger und OTL hab laufen lassen, hatte ich noch MalBytesWare installiert und über C: und teilweise D: laufen lassen, auch zwei infizierte Objekte gefunden und gelöscht, aber das war etwas andes und hat nichts gebracht. Danke schon mal! Rainer |
|
10.01.2012, 22:51
| #2 |
| |  Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" P.S.
__________________Sorry, hatte im Hintergrund noch einige Programme laufen, habe ich leider erst später gemerkt. Soll ich den Scan noch mal machen? Rainer |
|
11.01.2012, 12:03
| #3 |
| /// Malware-holic   | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" hi
__________________starte mal neu, drücke f8, wähle abgesicherter modus mit netzwerk, da kannst du erst mal in ruhe arbeiten. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKU\S-1-5-21-2230905493-2917029861-2900934860-1000..\Run: [{B36A51B7-968E-11DF-96FE-806E6F6E6963}] C:\Users\Desor\AppData\Roaming\Microsoft\dllhsts.exe
(Xiph.Org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Files
C:\Users\Desor\AppData\Roaming\Microsoft\dllhsts.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html öffne malwarebytes, logdateien, poste alle berichte
__________________ |
|
11.01.2012, 12:32
| #4 |
| | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Danke schon mal Markusg. Kann ich aber leider erst heute abend weitermachen. Vielleicht kannst du mir noch kurz mitteilen, ob dieser Schädling auf C:\ begrenzt ist und bleibt und ob ich weiter mit dem Rechner im Admin Account arbeiten kann, ohne etwas zu verschlechtern. Rainer |
|
11.01.2012, 15:28
| #5 |
| /// Malware-holic | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" kannst du, ich sehe bisher nichts gefährliches.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2012, 18:59
| #6 |
| | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Hallo Markusg, hat soweit alles geklappt, komme wieder in den "befallenen" Account. Ich wollte die Log-Dateien hochladen und es stand da auch Datei1, Datei2, Datei3 empfangen, aber darunter stand Fehler, die Dateien konnten nicht hochgeladen werden. Jetzt weiß ich nicht was stimmt. Sag mir ob ich es nochmal versuchen soll. An den Logs ist mir jedoch nichts problematisches mehr aufgefallen, bis auf : Folders Detected: 1 C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot. von MalwareByte und das habe ich hoffe ich durch reboot gelöscht :-) Ich werde nochmal einen Fullscan mit Malwarebytes durchführen. Sollen ich dabei auch die anderen Festplatten scannen oder nur C:\ ? Mit den anderen könnte es Stunden dauern. Jetzt schon mal ein Lob : tolles Forum und super Support : schnell und kompetent! Vielen Dank! |
|
11.01.2012, 19:31
| #7 |
| /// Malware-holic | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" 1. keine logs im upload channel hochladen sondern hier im forum. 2. upload hat nicht geklappt, aber in moved files ist eh nichts drinn, also poste die kompletten Malwarebytes logs hier.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2012, 20:15
| #8 |
| | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Hier die Logs : Code:
ATTFilter 2012/01/11 07:37:46 +0100 GIANT Administrator MESSAGE Starting protection
2012/01/11 07:37:47 +0100 GIANT Administrator MESSAGE Protection started successfully
2012/01/11 07:37:50 +0100 GIANT Administrator MESSAGE Starting IP protection
2012/01/11 07:37:51 +0100 GIANT Administrator MESSAGE IP Protection started successfully
2012/01/11 07:39:05 +0100 GIANT Administrator MESSAGE Executing scheduled update: Daily
2012/01/11 07:39:11 +0100 GIANT Administrator MESSAGE Starting database refresh
2012/01/11 07:39:11 +0100 GIANT Administrator MESSAGE Scheduled update executed successfully: database updated from version v2012.01.10.05 to version v2012.01.11.03
2012/01/11 07:39:11 +0100 GIANT Administrator MESSAGE Stopping IP protection
2012/01/11 07:39:43 +0100 GIANT Administrator MESSAGE IP Protection stopped
2012/01/11 07:39:44 +0100 GIANT Administrator MESSAGE Database refreshed successfully
2012/01/11 07:39:44 +0100 GIANT Administrator MESSAGE Starting IP protection
2012/01/11 07:39:45 +0100 GIANT Administrator MESSAGE IP Protection started successfully
2012/01/11 07:42:03 +0100 GIANT Administrator DETECTION C:\Users\XX\AppData\Roaming\Microsoft\dllhsts.exe Backdoor.Agent QUARANTINE
2012/01/11 07:42:04 +0100 GIANT Administrator DETECTION c:\users\XX\appdata\roaming\microsoft\dllhsts.exe Backdoor.Agent DENY
2012/01/11 07:42:44 +0100 GIANT Administrator DETECTION c:\users\XX\appdata\roaming\microsoft\dllhsts.exe Backdoor.Agent DENY
2012/01/11 07:43:29 +0100 GIANT Administrator DETECTION c:\users\XX\appdata\roaming\microsoft\dllhsts.exe Backdoor.Agent DENY
2012/01/11 07:43:35 +0100 GIANT Administrator DETECTION c:\users\XX\appdata\roaming\microsoft\dllhsts.exe Backdoor.Agent DENY
2012/01/11 08:35:39 +0100 GIANT Administrator MESSAGE Stopping IP protection
2012/01/11 08:36:08 +0100 GIANT Administrator MESSAGE IP Protection stopped
2012/01/11 18:15:40 +0100 GIANT XX MESSAGE Starting protection
2012/01/11 18:15:41 +0100 GIANT XX MESSAGE Protection started successfully
2012/01/11 18:15:44 +0100 GIANT XX MESSAGE Starting IP protection
2012/01/11 18:15:45 +0100 GIANT XX MESSAGE IP Protection started successfully
2012/01/11 18:30:00 +0100 GIANT XX MESSAGE Starting protection
2012/01/11 18:30:02 +0100 GIANT XX MESSAGE Protection started successfully
2012/01/11 18:30:05 +0100 GIANT XX MESSAGE Starting IP protection
2012/01/11 18:30:05 +0100 GIANT XX MESSAGE IP Protection started successfully
2012/01/11 20:01:25 +0100 GIANT XX MESSAGE Starting protection
2012/01/11 20:01:26 +0100 GIANT XX MESSAGE Protection started successfully
2012/01/11 20:01:29 +0100 GIANT XX MESSAGE Starting IP protection
2012/01/11 20:01:30 +0100 GIANT XX MESSAGE IP Protection started successfully
Code:
ATTFilter 2012/01/10 21:02:02 +0100 GIANT Administrator MESSAGE Executing scheduled update: Daily
2012/01/10 21:02:02 +0100 GIANT Administrator MESSAGE Starting protection
2012/01/10 21:02:03 +0100 GIANT Administrator MESSAGE Database already up-to-date
2012/01/10 21:02:04 +0100 GIANT Administrator MESSAGE Protection started successfully
2012/01/10 21:02:07 +0100 GIANT Administrator MESSAGE Starting IP protection
2012/01/10 21:02:07 +0100 GIANT Administrator MESSAGE IP Protection started successfully
2012/01/10 21:46:39 +0100 GIANT XX MESSAGE Starting protection
2012/01/10 21:46:40 +0100 GIANT XX MESSAGE Protection started successfully
2012/01/10 21:46:43 +0100 GIANT XX MESSAGE Starting IP protection
2012/01/10 21:46:44 +0100 GIANT XX MESSAGE IP Protection started successfully
2012/01/10 22:40:42 +0100 GIANT Administrator MESSAGE Stopping IP protection
2012/01/10 22:41:14 +0100 GIANT Administrator MESSAGE IP Protection stopped
2012/01/10 23:18:54 +0100 GIANT Administrator DETECTION C:\Users\XX\AppData\Roaming\Microsoft\dllhsts.exe Backdoor.Agent ALLOW
Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XX :: GIANT [limited] Protection: Enabled 11.01.2012 19:06:25 mbam-log-2012-01-11 (19-06-25).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 538679 Time elapsed: 47 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot. Files Detected: 2 I:\backup_data\Data_on_D\Second_mydaten_on_Data(I)\D\Data\Daten\projects\Scheibengenerator\WindCalculator.exe (Spyware.Passwords) -> Quarantined and deleted successfully. J:\Programme\JoWooD\Gothic II\System\gothic2.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XX :: GIANT [limited] Protection: Enabled 11.01.2012 18:21:21 mbam-log-2012-01-11 (18-21-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 175762 Time elapsed: 1 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot. Files Detected: 0 (No malicious items detected) (end) |
|
11.01.2012, 20:38
| #9 |
| | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Hmm...RelevantKnowledge (Spyware.MarketScore) werde ich durch reboot wohl nicht los : Malwarebytes Anti-Malware (Trial) 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: v2012.01.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XX :: GIANT [limited] Protection: Enabled 11.01.2012 20:35:44 mbam-log-2012-01-11 (20-35-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 175680 Time elapsed: 1 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot. Files Detected: 0 (No malicious items detected) (end) Was kann ich tun? Danke |
|
11.01.2012, 20:52
| #10 |
| /// Malware-holic | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" updaten, und mal nen vollständigen scan, nach neustart, bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.01.2012, 18:50
| #11 |
| | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" Hi, hier das malwarebyte log von heute : Malwarebytes Anti-Malware (Test) 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.01.12.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Administrator :: GIANT [Administrator] Schutz: Deaktiviert 12.01.2012 18:07:13 mbam-log-2012-01-12 (18-07-13).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 485525 Laufzeit: 37 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der infected folder "RelevantKnowledge" ist weg, weil ich ihn per Hand gelöscht habe. Er war sowieso leer. MalwareByte hat es nicht gemacht denke, weil es, wenn es sich selbst startet, wenn man in einem normalen user account bootet, keine Adminrechte hat. Dummerweise startet es sich automatisch nach Installation per default und ich habe nicht darauf geachtet es erst zu beenden und als Admin neu zu starten. Soll ich lieber Antivir deinstallieren und dafür sowas wie AVAST installieren? Danke nochmal für die Hilfe! |
|
12.01.2012, 18:52
| #12 |
| /// Malware-holic | Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" ok lade den CCleaner standard: CCleaner Download - CCleaner 3.14.1616 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen" |
| 7-zip, achtung, akamai, alternate, antivir, application/pdf, application/pdf:, avira, bezahlen und runterladen, bho, bildschirm, bonjour, converter, downloader, error, firefox, flash player, home, install.exe, internet, langs, logfile, mp3, pando media booster, pdfforge toolbar, plug-in, realtek, registry, required, scan, schwarze bildschirm, schwarzer, schwarzer bildschirm, security, shark, software, teamspeak, tracker, usb, vdeck.exe, version=1.0, video converter, virtualbox, visual studio, warnung, webcheck, win7-64bit, wurde ihr |
Linear-Darstellung
