
Pests of all kinds and how to combat them: Removing Trojan.FakeAlert

09.09.2010, 12:10   #1
poldy90
 
Hello everyone, I have the following problem: I ran a quick scan with Malwarebytes and found that I have a trojan, which I had already noticed anyway because Internet Explorer kept showing messages saying that, e.g., Google has to be closed because of dangerous viruses or something like that. In any case, I can't get the trojan deleted or quarantined, so it would be really nice if someone here would take the trouble to help me delete this damn trojan.

09.09.2010, 12:12   #2
markusg
/// Malware-holic
 
1. Post the Malwarebytes log; you can find it under "Logdateien" (log files).
2. OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both
__________________


09.09.2010, 12:47   #3
poldy90
 
Yes, there is just one problem: it isn't always shown, but I'll send you an older Malwarebytes log.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.08.2010 21:00:36
mbam-log-2010-08-22 (21-00-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142102
Laufzeit: 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64nx6v33-4606-g4ws-85ew-7drcjmy285ni} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\install\sv_chost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
__________________

09.09.2010, 12:56   #4
poldy90
 
What I should perhaps also mention is that Internet Explorer processes keep opening in Task Manager, and you also hear clicking sounds now and then. And at the weekend a mass message was sent in my name on meinVZ, pointing to a supposedly new photo of me with a link attached, and when I click on it my antivirus program reports an infected/dangerous site.

09.09.2010, 13:17   #5
poldy90
 
Here is the current log; it worked again.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.09.2010 14:04:09
mbam-log-2010-09-09 (14-04-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141948
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 9/9/2010 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\patrick\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 76.11 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 42.45 Gb Total Space | 42.36 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: POLDY
Current User Name: patrick
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\patrick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\patrick\AppData\Local\Temp\Gj1.exe (ApexDC++ Development Team)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Windows\KMService.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\QIP\qip.exe (The Author of QIP)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\patrick\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (AgereSoftModem) -- C:\windows\System32\DRIVERS\AGRSM.sys File not found
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ??????, ???? ? ???????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/03 20:00:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 22:47:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 19:26:57 | 000,000,000 | ---D | M]
 
[2010/06/06 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Extensions
[2010/09/09 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions
[2010/06/06 15:02:56 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010/08/27 14:01:12 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010/08/16 14:28:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/04 10:02:49 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/08/19 14:06:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/01 17:09:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/29 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\vshare@toolbar
[2010/08/29 18:00:21 | 000,001,583 | ---- | M] () -- C:\Users\patrick\AppData\Roaming\Mozilla\FireFox\Profiles\4is1d6up.default\searchplugins\web-search.xml
[2010/09/09 12:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 14:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/28 16:35:43 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/06/28 16:35:43 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/06/28 16:35:43 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/06/28 16:35:43 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/06/28 16:35:43 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/09/09 12:25:08 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [XBV6RD5SZF] C:\Users\patrick\AppData\Local\Temp\Gj1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\system32\install\sv_chost.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\system32\install\sv_chost.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ac2a5ec8-72d8-11df-839d-0024541354f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2a5ec8-72d8-11df-839d-0024541354f5}\Shell\AutoRun\command - "" = F:\SaboteurLauncher.exe -- File not found
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell\setup\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/09 13:29:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2010/09/01 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Serials World
[2010/09/01 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/09/01 19:13:21 | 000,000,000 | ---D | C] -- C:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/08/24 23:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/23 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Roaming\dvdcss
[2010/08/22 13:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/08/22 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\patrick\dwhelper
[2010/08/20 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\Apple Computer
[2010/08/19 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/19 14:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/19 14:12:47 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/08/19 14:12:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/08/19 14:12:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/08/19 14:12:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/08/19 14:07:45 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/08/18 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\patrick\Documents\Trials 2
[2010/08/18 21:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/08/18 21:46:43 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\Redlynx
[2010/08/18 21:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\RedLynx
[2010/08/18 21:45:22 | 000,000,000 | ---D | C] -- C:\windows\System32\install
[2010/08/17 22:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/17 22:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/13 11:31:58 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010/08/13 11:31:58 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010/08/13 11:31:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010/08/13 11:31:55 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/08/13 11:31:55 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/08/13 11:31:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/08/13 11:31:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/08/13 11:31:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/08/13 11:31:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/08/13 11:31:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/08/13 11:31:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/08/13 11:31:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/08/13 11:31:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/08/13 11:31:49 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/08/11 13:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/11 13:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/08/11 13:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/09 14:07:15 | 001,572,864 | -HS- | M] () -- C:\Users\patrick\NTUSER.DAT
[2010/09/09 14:06:34 | 000,019,965 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010/09/09 13:50:25 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/09 13:29:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2010/09/09 12:28:59 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 12:28:59 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 12:21:32 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/09 12:21:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/09 12:21:26 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 23:24:10 | 005,875,805 | -H-- | M] () -- C:\Users\patrick\AppData\Local\IconCache.db
[2010/09/08 18:15:42 | 019,657,194 | ---- | M] () -- C:\Users\patrick\Documents\vlc-1.1.4-win32.exe
[2010/08/26 15:18:08 | 001,674,388 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/08/26 15:18:08 | 000,714,040 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/08/26 15:18:08 | 000,665,620 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/08/26 15:18:08 | 000,154,376 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/08/26 15:18:08 | 000,124,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/08/23 00:08:06 | 000,059,555 | -H-- | M] () -- C:\Users\patrick\AppData\Roaming\patricklog.dat
[2010/08/13 20:32:24 | 000,420,728 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/09/08 18:12:57 | 019,657,194 | ---- | C] () -- C:\Users\patrick\Documents\vlc-1.1.4-win32.exe
[2010/08/22 11:08:37 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/06 22:41:45 | 000,000,133 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\default.rss
[2010/07/10 15:02:35 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2010/06/07 18:28:53 | 000,697,328 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009/11/07 14:08:53 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/11/07 13:54:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/09/17 00:05:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/09/17 00:04:01 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[2009/09/17 00:03:23 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2009/09/17 00:01:06 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/09/17 00:00:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/16 23:59:39 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2005/04/08 04:16:43 | 000,059,555 | -H-- | C] () -- C:\Users\patrick\AppData\Roaming\patricklog.dat
 
========== LOP Check ==========
 
[2010/06/30 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Atari
[2010/06/07 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\DAEMON Tools Lite
[2010/06/07 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\DAEMON Tools Pro
[2010/06/12 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TeamViewer
[2010/06/08 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TubeBox
[2009/09/17 00:44:50 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 06:53:46 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/09 13:50:25 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---
Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 9/9/2010 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\patrick\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 76.11 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 42.45 Gb Total Space | 42.36 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: POLDY
Current User Name: patrick
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{b29df88e-9808-4f60-b884-60fcfd23d7be}" = Nero 9
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CE8F2625-8404-43AD-9D1E-969C0CA08431}" = Serials World  3.2.10.040
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sniper Ghost Warrior Deutsch Patch 1.0" = Sniper Ghost Warrior Deutsch Patch 1.0
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/11/2010 4:01:47 PM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 4612 (0x1204)    Thread-Adresse: 0x76FC64F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\PROGRAM FILES\SFT LOADER
 2009 FINAL\leecher.exe   by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

 4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)

 
Error - 8/12/2010 10:07:16 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:07:55 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:12:42 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:12:43 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:14:46 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 4776 (0x12a8)    Thread-Adresse: 0x76F164F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\Program Files\DivX\DivX
 Plus Player\DivX Plus Player.exe   by C:\windows\system32\rundll32.exe   4(0)(0)   4(0)(0)

 7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:09:53 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 3684 (0xe64)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\windows\WinSxS\Temp\PendingRenames\c6fda6fdf03acb0110000000740a900c.x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd_win32k.sys_0d7a6fb3

 by C:\windows\servicing\TrustedInstaller.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:12:57 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 1656 (0x678)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\Program Files\TeamViewer\Version5\uninstall.exe

 by C:\windows\system32\MRT.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

 7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:12:57 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5019
Description = Ausnahme in McShield.Exe!    Ausnahme-Details folgen:    VSCORE.14.0.0.433
Exception
 Code       : 0XC0000005  Exception Address    : 0X00408486  Exception Parameters : 
2   Param 1 = 0X00000001   Param 2 = 0X00000014    More information :  ScanRequest : NTName
 is \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll.
ScanRequest
 : NTName is \Device\HarddiskVolume3\Windows\System32\dot3api.dll.  
 
Error - 8/13/2010 10:15:39 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 5256 (0x1488)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\windows\WinSxS\Temp\PendingRenames\a0a232ccf13acb0192010000740a900c.x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92_tcpip.sys_3339bd51

 by C:\windows\servicing\TrustedInstaller.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
[ System Events ]
Error - 8/24/2010 12:18:50 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
Error - 8/25/2010 12:56:48 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/25/2010 1:12:25 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/25/2010 2:15:31 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 8/25/2010 2:15:55 PM | Computer Name = POLDY | Source = DCOM | ID = 10010
Description = 
 
Error - 8/25/2010 2:16:01 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 8/25/2010 2:16:04 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
Error - 8/26/2010 9:45:49 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/26/2010 9:49:08 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/26/2010 9:53:40 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
 
< End of report >
         
--- --- ---


09.09.2010, 13:20   #6
poldy90
 



Here is the current log; it worked again.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.09.2010 14:04:09
mbam-log-2010-09-09 (14-04-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141948
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 9/9/2010 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\patrick\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 76.11 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 42.45 Gb Total Space | 42.36 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: POLDY
Current User Name: patrick
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\patrick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\patrick\AppData\Local\Temp\Gj1.exe (ApexDC++ Development Team)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Windows\KMService.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\QIP\qip.exe (The Author of QIP)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\patrick\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (AgereSoftModem) -- C:\windows\System32\DRIVERS\AGRSM.sys File not found
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ??????, ???? ? ???????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/03 20:00:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 22:47:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 19:26:57 | 000,000,000 | ---D | M]
 
[2010/06/06 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Extensions
[2010/09/09 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions
[2010/06/06 15:02:56 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010/08/27 14:01:12 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010/08/16 14:28:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/04 10:02:49 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/08/19 14:06:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/01 17:09:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/29 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mozilla\Firefox\Profiles\4is1d6up.default\extensions\vshare@toolbar
[2010/08/29 18:00:21 | 000,001,583 | ---- | M] () -- C:\Users\patrick\AppData\Roaming\Mozilla\FireFox\Profiles\4is1d6up.default\searchplugins\web-search.xml
[2010/09/09 12:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 14:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/28 16:35:43 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/06/28 16:35:43 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/06/28 16:35:43 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/06/28 16:35:43 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/06/28 16:35:43 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/09/09 12:25:08 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [XBV6RD5SZF] C:\Users\patrick\AppData\Local\Temp\Gj1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\system32\install\sv_chost.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\system32\install\sv_chost.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ac2a5ec8-72d8-11df-839d-0024541354f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2a5ec8-72d8-11df-839d-0024541354f5}\Shell\AutoRun\command - "" = F:\SaboteurLauncher.exe -- File not found
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{ebe7d070-7c58-11df-a92d-0024541354f5}\Shell\setup\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/09 13:29:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2010/09/01 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Serials World
[2010/09/01 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/09/01 19:13:21 | 000,000,000 | ---D | C] -- C:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/08/24 23:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/23 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Roaming\dvdcss
[2010/08/22 13:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/08/22 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\patrick\dwhelper
[2010/08/20 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\Apple Computer
[2010/08/19 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/19 14:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/19 14:12:47 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/08/19 14:12:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/08/19 14:12:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/08/19 14:12:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/08/19 14:07:45 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/08/18 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\patrick\Documents\Trials 2
[2010/08/18 21:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/08/18 21:46:43 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\Redlynx
[2010/08/18 21:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\RedLynx
[2010/08/18 21:45:22 | 000,000,000 | ---D | C] -- C:\windows\System32\install
[2010/08/17 22:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/17 22:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/13 11:31:58 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010/08/13 11:31:58 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010/08/13 11:31:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010/08/13 11:31:55 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/08/13 11:31:55 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/08/13 11:31:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/08/13 11:31:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/08/13 11:31:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/08/13 11:31:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/08/13 11:31:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/08/13 11:31:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/08/13 11:31:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/08/13 11:31:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/08/13 11:31:49 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/08/11 13:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/11 13:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/08/11 13:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/09 14:07:15 | 001,572,864 | -HS- | M] () -- C:\Users\patrick\NTUSER.DAT
[2010/09/09 14:06:34 | 000,019,965 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010/09/09 13:50:25 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/09 13:29:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2010/09/09 12:28:59 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 12:28:59 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 12:21:32 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/09 12:21:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/09 12:21:26 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 23:24:10 | 005,875,805 | -H-- | M] () -- C:\Users\patrick\AppData\Local\IconCache.db
[2010/09/08 18:15:42 | 019,657,194 | ---- | M] () -- C:\Users\patrick\Documents\vlc-1.1.4-win32.exe
[2010/08/26 15:18:08 | 001,674,388 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/08/26 15:18:08 | 000,714,040 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/08/26 15:18:08 | 000,665,620 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/08/26 15:18:08 | 000,154,376 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/08/26 15:18:08 | 000,124,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/08/23 00:08:06 | 000,059,555 | -H-- | M] () -- C:\Users\patrick\AppData\Roaming\patricklog.dat
[2010/08/13 20:32:24 | 000,420,728 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/09/08 18:12:57 | 019,657,194 | ---- | C] () -- C:\Users\patrick\Documents\vlc-1.1.4-win32.exe
[2010/08/22 11:08:37 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/06 22:41:45 | 000,000,133 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\default.rss
[2010/07/10 15:02:35 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2010/06/07 18:28:53 | 000,697,328 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009/11/07 14:08:53 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/11/07 13:54:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/09/17 00:05:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/09/17 00:04:01 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[2009/09/17 00:03:23 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2009/09/17 00:01:06 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/09/17 00:00:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/16 23:59:39 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2005/04/08 04:16:43 | 000,059,555 | -H-- | C] () -- C:\Users\patrick\AppData\Roaming\patricklog.dat
 
========== LOP Check ==========
 
[2010/06/30 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Atari
[2010/06/07 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\DAEMON Tools Lite
[2010/06/07 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\DAEMON Tools Pro
[2010/06/12 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TeamViewer
[2010/06/08 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TubeBox
[2009/09/17 00:44:50 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 06:53:46 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/09 13:50:25 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

Extras.Txt

OTL Logfile:
Code:
OTL Extras logfile created on: 9/9/2010 2:06:38 PM - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\patrick\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 76.11 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 42.45 Gb Total Space | 42.36 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: POLDY
Current User Name: patrick
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{b29df88e-9808-4f60-b884-60fcfd23d7be}" = Nero 9
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CE8F2625-8404-43AD-9D1E-969C0CA08431}" = Serials World  3.2.10.040
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sniper Ghost Warrior Deutsch Patch 1.0" = Sniper Ghost Warrior Deutsch Patch 1.0
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/11/2010 4:01:47 PM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 4612 (0x1204)    Thread-Adresse: 0x76FC64F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\PROGRAM FILES\SFT LOADER
 2009 FINAL\leecher.exe   by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

 4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)

 
Error - 8/12/2010 10:07:16 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:07:55 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:12:42 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:12:43 AM | Computer Name = POLDY | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/12/2010 10:14:46 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 4776 (0x12a8)    Thread-Adresse: 0x76F164F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\Program Files\DivX\DivX
 Plus Player\DivX Plus Player.exe   by C:\windows\system32\rundll32.exe   4(0)(0)   4(0)(0)

 7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:09:53 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 3684 (0xe64)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\windows\WinSxS\Temp\PendingRenames\c6fda6fdf03acb0110000000740a900c.x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd_win32k.sys_0d7a6fb3

 by C:\windows\servicing\TrustedInstaller.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:12:57 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 1656 (0x678)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\Program Files\TeamViewer\Version5\uninstall.exe

 by C:\windows\system32\MRT.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

 7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 8/13/2010 10:12:57 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5019
Description = Ausnahme in McShield.Exe!    Ausnahme-Details folgen:    VSCORE.14.0.0.433
Exception
 Code       : 0XC0000005  Exception Address    : 0X00408486  Exception Parameters : 
2   Param 1 = 0X00000001   Param 2 = 0X00000014    More information :  ScanRequest : NTName
 is \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll.
ScanRequest
 : NTName is \Device\HarddiskVolume3\Windows\System32\dot3api.dll.  
 
Error - 8/13/2010 10:15:39 AM | Computer Name = POLDY | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte
 länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.  Thread-ID:
 5256 (0x1488)    Thread-Adresse: 0x77D864F4    Thread-Nachricht:      Build VSCORE.14.0.0.433
 / 5301.4018   Object being scanned = \Device\HarddiskVolume3\windows\WinSxS\Temp\PendingRenames\a0a232ccf13acb0192010000740a900c.x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92_tcpip.sys_3339bd51

 by C:\windows\servicing\TrustedInstaller.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
[ System Events ]
Error - 8/24/2010 12:18:50 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
Error - 8/25/2010 12:56:48 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/25/2010 1:12:25 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/25/2010 2:15:31 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 8/25/2010 2:15:55 PM | Computer Name = POLDY | Source = DCOM | ID = 10010
Description = 
 
Error - 8/25/2010 2:16:01 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 8/25/2010 2:16:04 PM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
Error - 8/26/2010 9:45:49 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/26/2010 9:49:08 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies
 ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 8/26/2010 9:53:40 AM | Computer Name = POLDY | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Real-time Scanner" wurde unerwartet beendet. Dies ist
 bereits 3 Mal passiert.
 
 
< End of report >
         
--- --- ---

09.09.2010, 14:42   #7
markusg
/// Malware-holic
 
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

10.09.2010, 18:21   #8
poldy90
 
Combofix Logfile:
Code:
ComboFix 10-09-09.04 - patrick 10.09.2010  18:45:21.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2068 [GMT 2:00]
ausgeführt von:: c:\users\patrick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-10 bis 2010-09-10  ))))))))))))))))))))))))))))))
.

2010-09-10 16:56 . 2010-09-10 16:56	--------	d-----w-	c:\users\patrick\AppData\Local\temp
2010-09-10 16:56 . 2010-09-10 16:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-10 16:56 . 2010-09-10 16:56	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-09-09 10:30 . 2010-09-09 10:30	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-09 10:30 . 2010-09-09 10:23	185640	----a-w-	c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-09 10:30 . 2010-09-09 10:30	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-09 10:30 . 2010-09-09 10:30	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-09-09 10:30 . 2010-09-09 10:30	57691	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-09-09 10:29 . 2010-09-09 10:29	84063	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-09 10:29 . 2010-09-09 10:29	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-01 17:37 . 2010-09-02 21:11	--------	d-----w-	c:\program files\Serials World
2010-09-01 17:14 . 2010-09-01 17:14	--------	d-----w-	c:\program files\Enigma Software Group
2010-09-01 17:13 . 2010-09-09 10:34	--------	d-----w-	c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-29 11:50 . 2010-09-09 10:23	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-25 13:34 . 2010-04-07 07:10	571904	----a-w-	c:\windows\system32\oleaut32.dll
2010-08-24 21:52 . 2010-08-24 21:52	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-23 20:00 . 2010-08-23 20:00	--------	d-----w-	c:\users\patrick\AppData\Roaming\dvdcss
2010-08-22 11:38 . 2010-08-22 11:38	--------	d-----w-	c:\program files\ConvertHelper
2010-08-22 11:29 . 2010-08-22 12:00	--------	d-----w-	c:\users\patrick\dwhelper
2010-08-20 12:51 . 2010-08-20 12:51	--------	d-----w-	c:\users\patrick\AppData\Local\Apple Computer
2010-08-19 12:13 . 2010-08-19 12:13	--------	d-----w-	c:\program files\Common Files\Java
2010-08-19 12:12 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-08-19 12:07 . 2010-08-19 12:07	--------	d-----w-	c:\windows\Sun
2010-08-18 19:46 . 2010-08-18 19:46	--------	d-----w-	c:\users\patrick\AppData\Local\Redlynx
2010-08-18 19:45 . 2010-08-18 19:45	--------	d-----w-	c:\program files\RedLynx
2010-08-18 19:45 . 2010-08-22 19:00	--------	d-----w-	c:\windows\system32\install
2010-08-17 20:47 . 2010-08-22 18:49	--------	d-----w-	c:\program files\QuickTime
2010-08-17 20:47 . 2010-08-17 20:47	--------	d-----w-	c:\programdata\Apple Computer
2010-08-13 09:32 . 2010-06-14 06:12	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 10:33 . 2010-07-28 19:47	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-09 10:31 . 2009-09-16 21:48	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 10:30 . 2010-07-28 18:39	--------	d-----w-	c:\program files\DivX
2010-09-09 10:30 . 2010-07-28 18:38	--------	d-----w-	c:\programdata\DivX
2010-09-09 10:23 . 2010-07-28 19:10	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-09-09 10:23 . 2010-07-28 19:10	850200	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-08 21:24 . 2010-06-06 13:57	--------	d-----w-	c:\program files\SFT Loader 2009 Final
2010-09-08 19:26 . 2010-06-06 14:06	--------	d-----w-	c:\users\patrick\AppData\Roaming\vlc
2010-09-02 21:02 . 2009-11-07 12:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-30 04:18 . 2010-07-27 22:22	--------	d-----w-	c:\program files\Common Files\Microsoft Games
2010-08-29 17:38 . 2010-06-06 15:47	--------	d-----w-	c:\program files\Steamless CounterStrikeSource Pack
2010-08-29 15:01 . 2010-08-11 11:23	--------	d-----w-	c:\programdata\Norton
2010-08-26 13:18 . 2009-09-17 14:19	714040	----a-w-	c:\windows\system32\perfh007.dat
2010-08-26 13:18 . 2009-09-17 14:19	154376	----a-w-	c:\windows\system32\perfc007.dat
2010-08-22 22:08 . 2005-04-08 02:16	59555	---ha-w-	c:\users\patrick\AppData\Roaming\patricklog.dat
2010-08-19 12:12 . 2010-06-17 09:11	--------	d-----w-	c:\program files\Java
2010-08-13 14:13 . 2009-11-07 11:57	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-11 11:23 . 2010-08-11 11:23	--------	d-----w-	c:\programdata\Symantec
2010-08-11 11:23 . 2010-08-11 11:23	--------	d-----w-	c:\programdata\NortonInstaller
2010-08-07 16:42 . 2010-08-07 16:42	113912	----a-w-	c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-07 16:42 . 2010-08-07 16:42	--------	d-----w-	c:\users\Gast\AppData\Roaming\ATI
2010-08-06 20:40 . 2010-07-28 19:10	--------	d-----w-	c:\users\patrick\AppData\Roaming\DivX
2010-08-01 19:13 . 2010-08-01 15:07	--------	d-----w-	c:\program files\WebWasher
2010-07-29 20:59 . 2010-07-29 20:59	--------	d-----w-	c:\program files\City Interactive
2010-07-29 09:40 . 2010-07-29 09:19	--------	d-----w-	c:\users\patrick\AppData\Roaming\Nero
2010-07-29 06:30 . 2010-08-13 09:31	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-13 09:31	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-28 19:10 . 2010-07-28 19:10	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-07-28 19:10 . 2010-07-28 19:10	57609	----a-w-	c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	57054	----a-w-	c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	57532	----a-w-	c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	54166	----a-w-	c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	56458	----a-w-	c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	54174	----a-w-	c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	54644	----a-w-	c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	54128	----a-w-	c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-28 19:10 . 2010-07-28 19:10	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-28 19:09 . 2010-07-28 19:09	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-28 19:09 . 2010-07-28 19:09	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-07-28 19:09 . 2010-07-28 19:09	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-28 16:01 . 2010-07-28 16:01	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-28 16:01 . 2010-07-28 16:01	--------	d-----w-	c:\program files\Apple Software Update
2010-07-28 16:01 . 2010-07-28 16:01	--------	d-----w-	c:\programdata\Apple
2010-07-28 13:50 . 2010-06-17 09:12	--------	d-----w-	c:\program files\JDownloader
2010-07-27 22:25 . 2010-07-27 22:25	--------	d-----w-	c:\programdata\Age of Empires 3
2010-07-17 13:51 . 2009-11-07 11:53	--------	d-----w-	c:\program files\Common Files\Adobe
2010-07-15 15:14 . 2009-09-16 21:59	--------	d-----w-	c:\programdata\CyberLink
2010-07-10 09:10 . 2010-07-10 09:10	10134	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-07-07 08:17 . 2010-07-07 08:17	9662	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
2010-07-07 08:17 . 2010-07-07 08:17	355574	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_FD16FB707C97B681CE3586.exe
2010-07-07 08:17 . 2010-07-07 08:17	355574	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_D0CACB2DEDB677B81D19FE.exe
2010-07-07 08:17 . 2010-07-07 08:17	25214	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_CF21A7E464043C42ED6C28.exe
2010-07-07 08:17 . 2010-07-07 08:17	10134	----a-r-	c:\users\patrick\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_31A93269CEE5A678B80674.exe
2010-06-30 06:25 . 2010-08-13 09:31	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-22 05:29 . 2010-06-22 05:31	8192	----a-w-	c:\windows\system32\srvany.exe
2010-06-22 05:29 . 2010-06-22 05:31	151552	----a-w-	c:\windows\KMService.exe
2010-06-22 02:47 . 2010-08-13 09:31	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-13 09:31	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-13 09:31	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-21 03:38 . 2009-11-07 12:01	113912	----a-w-	c:\users\patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 06:33 . 2010-08-13 09:31	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-13 09:31	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-13 09:31	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-13 09:31	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-13 09:31	224256	----a-w-	c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-07 697328]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-06-22 8192]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs	REG_MULTI_SZ   	yksvc
.
Inhalt des "geplante Tasks" Ordners

2009-09-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-16 23:57]

2010-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-16 23:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\patrick\AppData\Roaming\Mozilla\Firefox\Profiles\4is1d6up.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-10  18:59:01
ComboFix-quarantined-files.txt  2010-09-10 16:59

Vor Suchlauf: 6 Verzeichnis(se), 80.831.840.256 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 83.439.403.008 Bytes frei

- - End Of File - - E4F211EFA16176C5D0169816E481FA86
         
--- --- ---

10.09.2010, 18:29   #9
markusg
/// Malware-holic
 
Uninstall Enigma Software Group
(esgiguard)
then report how the PC is running now.
