
Log analysis and evaluation: caught a trojan, malware evaluation :)

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.04.2011, 10:00   #1
chaaali

Hey, I think I've caught a trojan again. Is that definitely a trojan, or what? :S

Can you give me tips for cleaning it up? :S

Regards

Here is the malware scan result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6346

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2011 10:58:08
mbam-log-2011-04-15 (10-57-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|)
Durchsuchte Objekte: 224802
Laufzeit: 22 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\programme\frilo\frilo.aktuell\deu\flgrfcolorext104_deu.scr (Trojan.Dropper) -> No action taken.



And here is the HijackThis result:

logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:03, on 15.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Programme\TUNEUputilies\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Programme\Nero\Nero BackItUp\NBAgent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Programme\hotspot shield\bin\openvpntray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Opera\opera.exe
C:\Users\Charlie\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NBAgent] "D:\Programme\Nero\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - D:\Programme\hotspot shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Programme\hotspot shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Programme\hotspot shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - D:\Programme\hotspot shield\bin\hsswd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @D:\Programme\TUNEUputilies\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programme\TUNEUputilies\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe

--
End of file - 8340 bytes

15.04.2011, 10:08   #2
markusg
/// Malware-holic

That looks like a false positive. Do you know the program?
frilo

15.04.2011, 10:10   #3
chaaali

Why does it look like a false positive, how can you tell? Yes, I do know it... but my PC has also been a bit slow lately...

But the problem didn't appear right after the installation, I mean the problem that the PC is slow??

15.04.2011, 10:17   #4
markusg
/// Malware-holic

Well, this is a legitimate program. We can still do the following:
VirusTotal - Free Online Virus, Malware and URL Scanner
Check
d:\programme\frilo\frilo.aktuell\deu\flgrfcolorext104_deu.scr
there and post the link to the result.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

15.04.2011, 10:27   #5
chaaali

This is what came out, so nothing negative, if I did it correctly:

Antivirus Version Last Update Result
AhnLab-V3 2011.03.06.02 2011.03.06 -
AntiVir 7.11.4.84 2011.03.06 -
Antiy-AVL 2.0.3.7 2011.03.06 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.03.06 -
AVG 10.0.0.1190 2011.03.06 -
BitDefender 7.2 2011.03.06 -
CAT-QuickHeal 11.00 2011.03.06 -
ClamAV 0.96.4.0 2011.03.05 -
Commtouch 5.2.11.5 2011.03.05 -
Comodo 7894 2011.03.06 -
DrWeb 5.0.2.03300 2011.03.06 -
Emsisoft 5.1.0.2 2011.03.06 -
eSafe 7.0.17.0 2011.03.06 -
eTrust-Vet 36.1.8198 2011.03.04 -
F-Prot 4.6.2.117 2011.03.05 -
F-Secure 9.0.16440.0 2011.03.06 -
Fortinet 4.2.254.0 2011.03.06 -
GData 21 2011.03.06 -
Ikarus T3.1.1.97.0 2011.03.06 -
Jiangmin 13.0.900 2011.03.06 -
K7AntiVirus 9.92.4032 2011.03.05 -
Kaspersky 7.0.0.125 2011.03.06 -
McAfee 5.400.0.1158 2011.03.06 -
McAfee-GW-Edition 2010.1C 2011.03.06 -
Microsoft 1.6603 2011.03.06 -
NOD32 5931 2011.03.06 -
Norman 6.07.03 2011.03.06 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.06 -
PCTools 7.0.3.5 2011.03.06 -
Prevx 3.0 2011.03.06 -
Rising 23.47.06.03 2011.03.06 -
Sophos 4.63.0 2011.03.06 -
SUPERAntiSpyware 4.40.0.1006 2011.03.06 -
Symantec 20101.3.0.103 2011.03.06 -
TheHacker 6.7.0.1.145 2011.03.06 -
TrendMicro 9.200.0.1012 2011.03.06 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.06 -
VBA32 3.12.14.3 2011.03.04 -
VIPRE 8619 2011.03.06 -
ViRobot 2011.3.6.4343 2011.03.06 -
VirusBuster 13.6.237.0 2011.03.06 -
Additional information
Show all
MD5 : 4164dde60d6103cf210beb56fa3120d4
SHA1 : 85a09e8f09f18c25ccc7a93d229a0819d29596d1
SHA256: e9085934b9cc472e3442c931062b5221bedec444b3cce1019a067189f1af2edb
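
An added example, not part of any post in this thread: a second-opinion report only supports a false-positive call if it covers the same file and is recent relative to the local detection. The code below parses a result table in the layout pasted above, compares the newest signature date with the local scan date and checks the SHA256; the function names, the 14-day threshold and the sample file bytes are assumptions.

```python
import hashlib
import re
from datetime import date

# Constructed stand-in for the flagged file; only its hash matters here.
CONSTRUCTED_FILE = b"constructed sample bytes, not the real .scr"

# Header and five rows copied from the result table in the thread. The
# SHA256 line uses the thread's layout but is computed from CONSTRUCTED_FILE.
SAMPLE_REPORT = (
    "Antivirus Version Last Update Result\n"
    "AhnLab-V3 2011.03.06.02 2011.03.06 -\n"
    "Avast 4.8.1351.0 2011.02.23 -\n"
    "Avast5 5.0.677.0 2011.03.06 -\n"
    "nProtect 2011-02-10.01 2011.02.15 -\n"
    "TrendMicro-HouseCall 9.200.0.1012 2011.03.06 -\n"
    "SHA256: " + hashlib.sha256(CONSTRUCTED_FILE).hexdigest() + "\n"
)

# engine, engine version, signature date (YYYY.MM.DD), result ("-" = clean)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(\S.*)$")
SHA256_LINE = re.compile(r"^SHA256\s*:\s*([0-9a-fA-F]{64})\s*$", re.MULTILINE)


def parse_rows(report_text):
    """Return one dict per engine row; header and hash lines are skipped."""
    rows = []
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, year, month, day, result = m.groups()
        rows.append({
            "engine": engine,
            "version": version,
            "updated": date(int(year), int(month), int(day)),
            "result": None if result == "-" else result,
        })
    return rows


def triage(report_text, local_scan_date, file_bytes, max_age_days=14):
    """Decide how much weight a multi-engine report deserves.

    max_age_days is an assumed threshold: a report whose newest signature
    set is older than that says nothing about signatures released since.
    """
    rows = parse_rows(report_text)
    if not rows:
        raise ValueError("no engine rows found in report")

    # The report must describe the same bytes the local scanner flagged.
    sha = SHA256_LINE.search(report_text)
    local_sha = hashlib.sha256(file_bytes).hexdigest()
    same_file = bool(sha) and sha.group(1).lower() == local_sha

    detections = [(r["engine"], r["result"]) for r in rows if r["result"]]
    newest = max(r["updated"] for r in rows)
    age_days = (local_scan_date - newest).days

    if not same_file:
        verdict = "report-is-for-another-file"
    elif detections:
        verdict = "detected"
    elif age_days > max_age_days:
        verdict = "clean-but-stale"   # rescan before trusting the result
    else:
        verdict = "clean"

    return {
        "engines": len(rows),
        "detections": detections,
        "newest_update": newest,
        "age_days": age_days,
        "same_file": same_file,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Local scan date taken from the Malwarebytes log in the first post.
    print(triage(SAMPLE_REPORT, date(2011, 4, 15), CONSTRUCTED_FILE))
```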


15.04.2011, 10:40   #6
markusg
/// Malware-holic

What exactly is slow on the PC?

15.04.2011, 10:41   #7
chaaali

Actually the internet. Of course it could also be the connection, but a week or so ago it still worked wonderfully..

Thanks for the effort

15.04.2011, 11:24   #8
markusg
/// Malware-holic

Let's have a look.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry", select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

15.04.2011, 11:52   #9
chaaali

otl.txt: OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 15.04.2011 12:33:58 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Charlie\Documents
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 185,76 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 194,94 Gb Free Space | 88,14% Space Free | Partition Type: NTFS
Drive E: | 296,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHAS-PC | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Charlie\Documents\OTL.exe (OldTimer Tools)
PRC - D:\Programme\hotspot shield\bin\openvpntray.exe ()
PRC - D:\Programme\hotspot shield\bin\openvpnas.exe ()
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Programme\hotspot shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - D:\Programme\hotspot shield\bin\hsswd.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - D:\Programme\TUNEUputilies\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - D:\Programme\Nero\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\Wireless Console 2\wcourier.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Charlie\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (HssTrayService) -- D:\Programme\hotspot shield\bin\HssTrayService.exe ()
SRV - (hshld) -- D:\Programme\hotspot shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- D:\Programme\hotspot shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- D:\Programme\TUNEUputilies\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (HssWd) -- D:\Programme\hotspot shield\bin\hsswd.exe ()
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TUNEUputilies\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TUNEUputilies\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS)
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()
DRV - (ZSMC302) -- C:\Windows\System32\drivers\usbvm302.sys (VM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 FC 9C 39 D4 9B CB 01  [binary data]
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2947023524-3392541412-3078226838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 20:40:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 20:40:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.11 22:00:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.11 22:00:14 | 000,000,000 | ---D | M]
 
[2010.12.16 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\mozilla\Extensions
[2011.04.15 12:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions
[2011.02.20 16:25:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Charlie\AppData\Roaming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions\firefox@tvunetworks.com
[2010.12.16 20:19:26 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Charlie\AppData\Roaming\mozilla\Firefox\Profiles\t4uto6ah.default\extensions\vshare@toolbar
[2010.12.16 20:19:34 | 000,001,583 | ---- | M] () -- C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\t4uto6ah.default\searchplugins\web-search.xml
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.17 00:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.01.31 20:40:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.31 20:40:58 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.12.17 00:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 23:42:11 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2010.12.17 00:27:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.11 22:00:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.11 22:00:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.11 22:00:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.11 22:00:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.11 22:00:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ADSMTray] C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] D:\Programme\Nero\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.250
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{627af2c5-07be-11e0-8694-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{627af2c5-07be-11e0-8694-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EPSetup.exe -- [2008.06.04 07:00:00 | 000,059,296 | R--- | M] (SEIKO EPSON CORPORATION)
O33 - MountPoints2\{f6230640-0ba3-11e0-b2f5-90e6ba12d5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f6230640-0ba3-11e0-b2f5-90e6ba12d5b9}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\daemon tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EPSON SX510W Series - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1274217F-5DF9-103D-D363-7C08956E4CF0} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2B1B49BF-4C80-8A0C-82D9-02BB69BC1F00} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3DD1651F-A172-2F8E-37FD-0334B439081B} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6405F2E8-D2B9-E80C-9087-230333B691E8} - DirectX
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 12:32:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Charlie\Documents\OTL.exe
[2011.04.12 23:20:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Chipmunk - Transition
[2011.04.10 12:29:25 | 000,337,304 | ---- | C] (VideoSoft) -- C:\Windows\System32\VSPRINT7.OCX
[2011.04.10 12:29:24 | 001,248,768 | ---- | C] (Visual Components, Inc.) -- C:\Windows\System32\VCFI32.OCX
[2011.04.10 12:29:24 | 000,221,184 | ---- | C] (ComponenetOne) -- C:\Windows\System32\SIZERONE.OCX
[2011.04.10 12:29:24 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2011.04.10 12:29:24 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011.04.10 12:29:24 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DE.DLL
[2011.04.10 12:29:24 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011.04.10 12:29:22 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.DLL
[2011.04.10 12:29:22 | 001,064,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL
[2011.04.10 12:29:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll
[2011.04.10 12:29:22 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll
[2011.04.10 12:29:22 | 000,166,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msmask32.ocx
[2011.04.10 12:29:22 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL
[2011.04.10 12:29:22 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL
[2011.04.10 12:29:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msmskde.dll
[2011.04.10 12:29:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC42LOC.DLL
[2011.04.10 12:29:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC40LOC.DLL
[2011.04.10 12:29:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Flxgdde.dll
[2011.04.10 12:29:20 | 000,084,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Gapi32.dll
[2011.04.10 12:29:19 | 000,684,032 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l5.dll
[2011.04.10 12:29:19 | 000,255,488 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32ct5.dll
[2011.04.10 12:29:19 | 000,185,856 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32dw3.dll
[2011.04.10 12:29:19 | 000,168,448 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l500.lng
[2011.04.10 12:29:19 | 000,100,864 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32ut4.dll
[2011.04.10 12:29:19 | 000,064,512 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32cr2.dll
[2011.04.10 12:29:19 | 000,052,736 | ---- | C] (combit GmbH) -- C:\Windows\System32\Cm32l5o.ocx
[2011.04.08 15:33:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Rio Music From The Motion Picture
[2011.04.08 12:52:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\Kool Savas - John Bello Story 3 (2010)
[2011.04.02 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.04.02 22:31:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.04.02 22:31:40 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2011.03.31 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Roaming\frilo
[2011.03.31 17:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frilo
[2011.03.31 17:29:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Local\Frilo
[2011.03.31 17:26:37 | 000,000,000 | ---D | C] -- C:\Programme\Frilo
[2011.03.31 17:25:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Crystal Decisions
[2011.03.31 00:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011.03.30 23:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Hotspot Shield
[2011.03.30 23:42:12 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011.03.30 23:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011.03.25 10:18:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.03.23 15:14:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Documents\Verlauf
[2011.03.23 00:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.03.23 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Roaming\ICQ
[2011.03.18 16:34:21 | 000,000,000 | ---D | C] -- C:\Programme\Fingerprint Sensor
[2011.03.18 16:33:30 | 000,000,000 | ---D | C] -- C:\Medion
[2011.03.18 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\wocaffe
[2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\Programme\TrueSuite
[2011.03.18 16:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueSuite
[2011.03.18 16:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2011.03.17 14:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2010.12.14 22:34:21 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.12.14 22:26:12 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 12:32:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Documents\OTL.exe
[2011.04.15 10:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.14 21:48:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 21:48:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 21:47:14 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2011.04.14 21:41:18 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.04.14 21:40:59 | 2415,394,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.13 13:45:37 | 417,674,085 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.12 18:39:29 | 000,691,532 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 18:39:29 | 000,647,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.12 18:39:29 | 000,145,098 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 18:39:29 | 000,118,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.10 12:29:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.04.10 12:29:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.04.06 16:55:22 | 000,095,083 | ---- | M] () -- C:\Users\Charlie\Desktop\SAP_FS_Zahnmedizin_Bild_7.jpg
[2011.04.06 00:05:52 | 000,038,729 | ---- | M] () -- C:\Users\Charlie\Desktop\cafemadrid_04042011_61.JPG
[2011.03.31 18:03:03 | 040,762,692 | ---- | M] () -- C:\Users\Charlie\Desktop\HB_F_L.rar
[2011.03.31 17:30:17 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\FriloStart.lnk
[2011.03.31 17:30:17 | 000,000,907 | ---- | M] () -- C:\Users\Charlie\Documents\FriloStart.lnk
[2011.03.31 17:28:41 | 000,000,914 | ---- | M] () -- C:\Users\Charlie\Documents\FriloConfig.lnk
[2011.03.31 16:09:58 | 000,003,284 | ---- | M] () -- C:\Windows\checkip.dat
[2011.03.25 17:20:38 | 000,622,592 | ---- | M] () -- C:\Users\Charlie\Documents\Database1.accdb
[2011.03.18 16:27:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
[2011.03.17 15:07:12 | 000,488,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.17 01:35:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2011.04.13 13:46:00 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011.04.10 12:29:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.04.10 12:29:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.04.06 16:55:22 | 000,095,083 | ---- | C] () -- C:\Users\Charlie\Desktop\SAP_FS_Zahnmedizin_Bild_7.jpg
[2011.04.06 00:05:48 | 000,038,729 | ---- | C] () -- C:\Users\Charlie\Desktop\cafemadrid_04042011_61.JPG
[2011.03.31 18:01:26 | 040,762,692 | ---- | C] () -- C:\Users\Charlie\Desktop\HB_F_L.rar
[2011.03.31 17:29:25 | 000,040,960 | ---- | C] () -- C:\ProgramData\UninstallFrilo.Exe
[2011.03.31 17:29:25 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\FriloStart.lnk
[2011.03.31 17:29:25 | 000,000,907 | ---- | C] () -- C:\Users\Charlie\Documents\FriloStart.lnk
[2011.03.31 17:28:41 | 000,000,914 | ---- | C] () -- C:\Users\Charlie\Documents\FriloConfig.lnk
[2011.03.31 16:07:24 | 000,003,284 | ---- | C] () -- C:\Windows\checkip.dat
[2011.03.25 14:46:18 | 000,622,592 | ---- | C] () -- C:\Users\Charlie\Documents\Database1.accdb
[2011.03.25 10:18:32 | 417,674,085 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.03.18 16:27:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
[2011.03.17 01:35:26 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.02.18 01:38:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.17 12:28:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.17 12:28:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.17 12:28:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.17 12:28:44 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.17 12:28:44 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.17 12:28:44 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.17 12:28:44 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.17 12:28:44 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.17 12:28:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.17 12:28:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.17 12:28:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.17 12:28:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.17 12:28:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.17 12:28:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.17 12:28:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.17 12:28:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.17 12:28:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.17 12:28:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.17 12:28:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.14 22:34:21 | 001,759,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.12.14 22:34:21 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.12.14 22:34:21 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.12.02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 10:47:43 | 000,691,532 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,145,098 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,488,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,647,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,118,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:15:05 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.10.16 09:29:32 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.12.15 01:10:32 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Autodesk
[2010.12.19 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 23:49:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\frilo
[2011.01.07 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\GetRightToGo
[2011.03.24 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ICQ
[2010.12.15 00:46:52 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Local
[2011.04.13 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Opera
[2011.03.10 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ShareTV
[2010.12.15 01:17:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software
[2011.02.15 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Unity
[2009.07.14 06:53:46 | 000,021,040 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.23 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Adobe
[2011.01.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Apple Computer
[2010.12.15 01:10:32 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Autodesk
[2010.12.19 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DAEMON Tools Lite
[2011.01.29 00:39:13 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\DivX
[2011.03.31 23:49:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\frilo
[2011.01.07 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\GetRightToGo
[2011.03.24 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ICQ
[2010.12.14 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Identities
[2010.12.14 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\InstallShield
[2010.12.15 00:46:52 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Local
[2010.12.14 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Macromedia
[2010.12.14 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Media Center Programs
[2011.03.25 16:03:41 | 000,000,000 | --SD | M] -- C:\Users\Charlie\AppData\Roaming\Microsoft
[2011.03.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Mozilla
[2011.01.07 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Nero
[2011.04.13 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Opera
[2011.03.10 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\ShareTV
[2011.04.04 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Skype
[2011.04.04 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\skypePM
[2010.12.15 01:17:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software
[2011.02.15 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Unity
[2011.03.17 14:26:08 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\vlc
[2010.12.15 01:14:46 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.18 16:34:21 | 000,061,440 | R--- | M] (Macrovision Corporation) -- C:\Users\Charlie\AppData\Roaming\Microsoft\Installer\{E815FB81-995F-4F33-8E25-F16712123AB7}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.19 21:09:53 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >



extra.txt

OTL Extras logfile created on: 15.04.2011 12:33:58 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Charlie\Documents
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 185,76 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 194,94 Gb Free Space | 88,14% Space Free | Partition Type: NTFS
Drive E: | 296,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHAS-PC | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\videolan\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Programme\videolan\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010DDDB8-C84B-4748-86D4-669D6D87842C}_is1" = Need for Speed(TM) Hot Pursuit Version 1.0
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{378317B3-D201-4BC0-BEC9-9451C9ACAEED}" = Alcor Micro USB Card Reader
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-9001-0407-0002-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B7A87BB-BB10-4991-A89C-E38660A76B05}" = Frilo Installation
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"AmUStor" = Alcor Micro USB Card Reader
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"Fallout New Vegas_is1" = Fallout New Vegas
"Frilo" = Frilo
"HotspotShield" = Hotspot Shield 1.57
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.01.1190" = Opera 11.01
"SopCast" = SopCast 3.3.2
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Veetle TV" = Veetle TV 0.9.18
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2947023524-3392541412-3078226838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2011 20:17:08 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6099
 
Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7098
 
Error - 14.04.2011 20:17:09 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7098
 
Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8112
 
Error - 14.04.2011 20:17:10 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8112
 
Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9110
 
Error - 14.04.2011 20:17:11 | Computer Name = ChaS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9110
 
[ System Events ]
Error - 15.04.2011 06:41:32 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:41:32 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:20 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 15.04.2011 06:44:37 | Computer Name = ChaS-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
 
< End of report >
         

Alt 15.04.2011, 14:12   #10
markusg
/// Malware-holic
 



Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not know, write "unknown".
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 15.04.2011, 18:06   #11
chaaali
 



Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.02.2011 6,00MB 10.2.152.26 NECESSARY
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.01.2011 6,00MB 10.1.102.64 NECESSARY
Adobe Reader X - Deutsch Adobe Systems Incorporated 22.12.2010 115,1MB 10.0.0 NECESSARY
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 08.03.2011 11.5.9.620 NECESSARY
Akamai NetSession Interface 13.12.2010 UNKNOWN
Alcor Micro USB Card Reader Alcor Micro Corp. 13.12.2010 2,80MB 1.4.1217.35202 UNKNOWN/NOT NECESSARY
Apple Application Support Apple Inc. 06.01.2011 52,8MB 1.4.1 NOT NEEDED
Apple Mobile Device Support Apple Inc. 06.01.2011 21,7MB 3.3.0.69 NOT NEEDED
Apple Software Update Apple Inc. 06.01.2011 2,26MB 2.1.2.120 NOT NEEDED
ASUS Data Security Manager ASUS 13.12.2010 15,1MB 1.00.0014 UNKNOWN
ASUS LifeFrame3 ASUS 13.12.2010 27,7MB 3.0.20 UNNECESSARY
ASUS Live Update ASUS 13.12.2010 2.5.9 UNKNOWN
ASUS MultiFrame ASUS 13.12.2010 1.0.0019 UNNECESSARY
ASUS Virtual Camera asus 13.12.2010 3,12MB 1.0.19 NECESSARY
ATK Generic Function Service ATK 13.12.2010 1.00.0008 UNKNOWN
ATK Hotkey ASUS 13.12.2010 5,75MB 1.0.0053 UNKNOWN
ATK Media ASUS 13.12.2010 0,20MB 2.0.0006 UNKNOWN
ATKOSD2 ASUS 13.12.2010 6,53MB 7.0.0006 UNKNOWN
AuthenTec Fingerprint Sensor Minimum Install AuthenTec 17.03.2011 2,33MB 7.9.2 UNNECESSARY
AuthenTec TrueSuite AuthenTec, Inc. 17.03.2011 6,54MB 2.0.0.57 NECESSARY
AutoCAD 2011 - Deutsch Autodesk 14.12.2010 18.1.49.0 NECESSARY
Autodesk Material Library 2011 Autodesk 13.12.2010 181,4MB 2.0.0.49 NECESSARY
Autodesk Material Library 2011 Base Image library Autodesk 13.12.2010 255MB 2.0.0.49 NECESSARY
avast! Free Antivirus Alwil Software 14.12.2010 5.0.677.0 NECESSARY
AviSynth 2.5 21.01.2011 UNKNOWN
Bonjour Apple Inc. 06.01.2011 1,10MB 2.0.4.0 UNKNOWN
CCleaner Piriform 14.04.2011 3.05
DivX Web Player DivX,Inc. 30.01.2011 1.5.0 NECESSARY
DivX-Setup DivX, LLC 25.12.2010 2.2.1.2 NECESSARY
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 16.01.2011 2.1.0.0 NECESSARY
EPSON Scan 16.01.2011 NECESSARY
Epson Stylus SX510W_TX550W Handbuch 16.01.2011 UNNECESSARY
EPSON SX510W Series Printer Uninstall SEIKO EPSON Corporation 16.01.2011 NECESSARY
EpsonNet Print SEIKO EPSON CORPORATION 16.01.2011 2.4i UNKNOWN
EpsonNet Setup SEIKO EPSON CORPORATION 16.01.2011 3.1a UNKNOWN
Fallout New Vegas Bethesda Softworks 08.01.2011 1.0 UNNECESSARY
FARO LS 1.1.406.58 FARO Scanner Production 13.12.2010 21,5MB 4.6.58.2 UNKNOWN
Frilo 30.03.2011 NECESSARY
Hotspot Shield 1.57 AnchorFree 29.03.2011 1.57 NECESSARY
IKEA Home Planner IKEA IT 06.03.2011 167,3MB 2.0.3 UNNECESSARY
iTunes Apple Inc. 06.01.2011 144,8MB 10.1.1.4 NECESSARY
Java(TM) 6 Update 23 Oracle 15.12.2010 95,0MB 6.0.230 NECESSARY
Malwarebytes' Anti-Malware Malwarebytes Corporation 21.12.2010 10,5MB NECESSARY
MediaMonkey 3.2 Ventis Media Inc. 19.12.2010 3.2 NECESSARY
Messenger Plus! Live Yuna Software 14.12.2010 4.90.0.392 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.01.2011 38,8MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.01.2011 2,94MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Extended Microsoft Corporation 13.01.2011 52,0MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 13.01.2011 10,7MB 4.0.30319 UNKNOWN
Microsoft Office Professional Plus 2010 Microsoft Corporation 18.12.2010 14.0.4763.1000 NECESSARY
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 06.01.2011 7,71MB 8.0.50727.42
Microsoft Silverlight Microsoft Corporation 16.02.2011 40,4MB 4.0.60129.0 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.03.2011 2,70MB 8.0.59193 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.12.2010 0,23MB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.12.2010 0,58MB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 08.01.2011 11,0MB 10.0.30319 UNKNOWN
Mozilla Firefox (3.6.15) Mozilla 10.03.2011 3.6.15 (de) NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.01.2011 35,00KB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.01.2011 1,33MB 4.20.9876.0 UNKNOWN
Need for Speed(TM) Hot Pursuit Version 1.0 Zocky 23.12.2010 1.0 UNNECESSARY
Nero BackItUp 10 Nero AG 06.01.2011 107,6MB 5.4.11600.19.100 NECESSARY
Nero Burning ROM 10 Nero AG 06.01.2011 162,3MB 10.0.11100.10.100 NECESSARY
Nero BurnRights 10 Nero AG 06.01.2011 6,42MB 4.0.11000.12.100 NECESSARY
Nero CoverDesigner 10 Nero AG 06.01.2011 77,1MB 5.0.10900.11.100 NECESSARY
Nero DiscCopy Gadget 10 Nero AG 06.01.2011 35,4MB 3.0.10700.9.100 I WOULD SAY ALL NERO: NECESSARY
Nero DiscSpeed 10 Nero AG 06.01.2011 7,47MB 6.0.10800.7.100
Nero Express 10 Nero AG 06.01.2011 159,5MB 10.0.11000.10.100
Nero InfoTool 10 Nero AG 06.01.2011 8,07MB 7.0.10800.8.100
Nero MediaHub 10 Nero AG 06.01.2011 158,0MB 1.0.13400.11.100
Nero Multimedia Suite 10 Nero AG 06.01.2011 1.369MB 10.0.13100
Nero Recode 10 Nero AG 06.01.2011 80,0MB 4.6.10900.4.100
Nero RescueAgent 10 Nero AG 06.01.2011 6,83MB 3.0.10900.9.100
Nero SoundTrax 10 Nero AG 06.01.2011 95,6MB 4.6.10600.2.100
Nero StartSmart 10 Nero AG 06.01.2011 110,2MB 10.0.11200.12.100
Nero Update Nero AG 06.01.2011 1,41MB 1.0.0017
Nero Vision 10 Nero AG 06.01.2011 214MB 7.0.11100.8.100
Nero WaveEditor 10 Nero AG 06.01.2011 76,6MB 5.6.10600.2.100
NVIDIA Drivers NVIDIA Corporation 13.12.2010 1.8 UNKNOWN
Opera 11.01 Opera Software ASA 26.01.2011 11.01.1190 NECESSARY
QuickTime Apple Inc. 06.01.2011 73,7MB 7.69.80.9 NECESSARY
Skype™ 5.1 Skype Technologies S.A. 01.04.2011 24,5MB 5.1.112 NECESSARY
SopCast 3.3.2 www.sopcast.com 25.12.2010 3.3.2 NECESSARY
SqrSoft® Advanced Crossfading (remove only) 30.12.2010 UNKNOWN
Synaptics Pointing Device Driver Synaptics Incorporated 13.12.2010 14.0.1.1 UNKNOWN
TuneUp Utilities TuneUp Software 14.12.2010 9.0.4400.15 NECESSARY
Unity Web Player Unity Technologies ApS 14.02.2011 12,0MB
Veetle TV 0.9.18 Veetle, Inc 03.02.2011 0.9.18 NECESSARY
Virtual DJ - Atomix Productions 19.12.2010 NECESSARY
VLC media player 1.1.7 VideoLAN 16.03.2011 1.1.7 NECESSARY
Windows Live Anmelde-Assistent Microsoft Corporation 13.12.2010 1,94MB 5.000.818.5 UNKNOWN
Windows Live Essentials Microsoft Corporation 13.12.2010 14.0.8117.0416 UNKNOWN
Windows Live OneCare safety scanner Microsoft Corporation 03.02.2011 UNKNOWN
Windows Live-Uploadtool Microsoft Corporation 13.12.2010 0,22MB 14.0.8014.1029 UNKNOWN
Windows Mobile-Gerätecenter Microsoft Corporation 13.01.2011 27,5MB 6.1.6965.0 UNKNOWN
WinFlash ASUS 13.12.2010 1,29MB 2.29.0 UNKNOWN
WinRAR 14.12.2010 NECESSARY
Wireless Console 2 ATK 13.12.2010 2.0.10 UNKNOWN

Alt 15.04.2011, 18:13   #12
markusg
/// Malware-holic
 



Open Adobe Reader, go to Edit, Preferences, JavaScript and untick the box there; under Internet, likewise untick all boxes.
That way PDFs are no longer loaded automatically and malicious code can no longer be slipped onto your system this way.
Under General, tick "Use only certified plug-ins".
Under Updater, set it to install.
Click Apply / OK.
Uninstall:
ASUS: all except the ones you need
AuthenTec Fingerprint Sensor
Bonjour
Fallout
IKEA
Mozilla: open Firefox, Help, Update; version 4 is out.
Uninstall:
Need for Speed
SqrSoft®
TuneUp: programs like this can wreck your system; besides, they don't tune anything, those are all empty promises, and in the end the system even gets slower. Get rid of that junk.
Windows Live: all 3
Clean up with CCleaner.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
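
The Adobe Reader settings from the post above can also be checked from the registry. The following read-only PowerShell audit is an added example, not part of the original thread; the registry path and the value names bEnableJS and bBrowserIntegration are assumptions about how Reader stores these per-user preferences.

```powershell
# Added example: read-only audit of two Adobe Reader settings named in the post.
# Assumption: Reader keeps per-user preferences under
# HKCU:\Software\Adobe\Acrobat Reader\<version>\ (one subkey per installed version).
$ReaderRoot = 'HKCU:\Software\Adobe\Acrobat Reader'

# Assumed value names (not taken from this thread):
#   JSPrefs\bEnableJS             -> "Enable Acrobat JavaScript"
#   Originals\bBrowserIntegration -> "Display PDF in browser"
$Checks = @(
    @{ SubKey = 'JSPrefs';   Name = 'bEnableJS';           Setting = 'JavaScript' },
    @{ SubKey = 'Originals'; Name = 'bBrowserIntegration'; Setting = 'Display PDF in browser' }
)

function Get-ReaderHardeningState {
    param([string]$Root = $ReaderRoot)

    # No Reader profile for this user: nothing to report.
    if (-not (Test-Path $Root)) { return }

    foreach ($version in Get-ChildItem -Path $Root) {
        foreach ($check in $Checks) {
            $path  = Join-Path $version.PSPath $check.SubKey
            $value = $null
            if (Test-Path $path) {
                $item = Get-ItemProperty -Path $path -Name $check.Name -ErrorAction SilentlyContinue
                if ($item) { $value = $item.($check.Name) }
            }

            # A missing value means the preference was never changed in the GUI.
            if ($null -eq $value) { $state = 'not set (Reader default applies)' }
            elseif ($value -eq 0) { $state = 'disabled' }
            else                  { $state = 'ENABLED' }

            New-Object PSObject -Property @{
                Version = $version.PSChildName
                Setting = $check.Setting
                Value   = $value
                State   = $state
            }
        }
    }
}

Get-ReaderHardeningState | Format-Table Version, Setting, Value, State -AutoSize
```

The script only reads the current user's hive, so it has to be run once per user profile; anything reported as ENABLED or not set should be checked in the Preferences dialog as the post describes.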

16.04.2011, 02:22   #13
chaaali
 
Heyy, thanks, I've done all of that now.

Regards

16.04.2011, 10:01   #14
markusg
/// Malware-holic
 
Please visit the avast homepage now and get version 6.
Then run a boot-time scan.

16.04.2011, 13:29   #15
chaaali
 
Heyy

Sorry, I can't figure out where I can do that.

I have the avast antivirus free version... I've now updated it to version 6.0.0.1, but I have no idea where I can run a boot-time scan in there.
