![]() |
|
Log-Analyse und Auswertung: BKA Trojaner 3.04 Systemwiederherstellung aktiviert noch Reste vom Trojaner vorhanden ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() BKA Trojaner 3.04 Systemwiederherstellung aktiviert noch Reste vom Trojaner vorhanden ? Hallo zusammen, mich hat es auch mit dem BKA Trojaner erwischt. Angefangen hat es das am 29.3 C:\Users\Mike\AppData\Local\Temp\cgs8h0.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.EJ.3' [trojan] Das waren mehrere Dateien wurden allen gelöscht der Desktop war nicht gesperrt ein Suchlauf mit AntiVir hat nichts mehr gefunden keine weiteren Probleme. Gestern dann war mein Desktop gesperrt BKA Trojaner 3.04. Im abgesicherten Modus wurde mit AntiVir mehrere Viren gefunden und gelöscht nach einem Neustart bin ich selbst in den abgesicherten Modus nicht mehr gekommen. Hab dann einen Systemwiederherstellungspunkt aktiviert und das System zurück gesetzt konnte dann wieder auf den Desktop zugreifen. Der Punkt liegt allerdings nach dem 29.3. AnitVir Guard hat dann wieder Alarm gegeben Die Datei 'C:\Users\Mike\AppData\Local\Temp\cgs8h1.exe' enthielt einen Virus oder unerwünschtes Programm 'BDS/Simda.A.323' [backdoor]. Datei wurde wieder gelöscht. Was ich bereits gemacht habe. -Ccleaner drüber laufen lassen temporärer Dateien entfernt diese cgs8h1.exe sind keine mehr vorhanden. -Java Deinstalliert -Suchlauf mit Antivir Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Samstag, 7. April 2012 14:09 Es wird nach 3597466 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Mike Computername : MIKE-PC Versionsinformationen: BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 21.07.2011 10:08:11 AVSCAN.DLL : 10.0.5.0 57192 Bytes 21.07.2011 10:10:57 LUKE.DLL : 10.3.0.5 45416 Bytes 21.07.2011 10:09:32 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21.07.2011 10:08:11 AVREG.DLL : 10.3.0.9 90472 Bytes 21.07.2011 10:08:05 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:59:55 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:28:34 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:53:30 VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 12:53:30 VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 12:53:31 VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 12:53:31 VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 12:53:33 VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 12:53:33 VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 12:53:33 VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 12:53:33 VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 12:53:33 VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 12:53:34 VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 09:41:37 VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 12:23:35 VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 12:34:02 VBASE017.VDF : 7.11.26.242 2048 Bytes 04.04.2012 12:34:02 VBASE018.VDF : 7.11.26.243 2048 Bytes 04.04.2012 12:34:02 VBASE019.VDF : 7.11.26.244 2048 Bytes 04.04.2012 12:34:03 VBASE020.VDF : 7.11.26.245 2048 Bytes 04.04.2012 12:34:03 VBASE021.VDF : 7.11.26.246 2048 Bytes 04.04.2012 12:34:03 VBASE022.VDF : 7.11.26.247 2048 Bytes 04.04.2012 12:34:03 VBASE023.VDF : 7.11.26.248 2048 Bytes 04.04.2012 12:34:03 VBASE024.VDF : 7.11.26.249 2048 Bytes 04.04.2012 12:34:03 VBASE025.VDF : 7.11.26.250 2048 Bytes 04.04.2012 12:34:03 VBASE026.VDF : 7.11.26.251 2048 Bytes 04.04.2012 12:34:03 VBASE027.VDF : 7.11.26.252 2048 Bytes 04.04.2012 12:34:03 VBASE028.VDF : 7.11.26.253 2048 Bytes 04.04.2012 12:34:04 VBASE029.VDF : 7.11.26.254 2048 Bytes 04.04.2012 12:34:04 VBASE030.VDF : 7.11.26.255 2048 Bytes 04.04.2012 12:34:04 VBASE031.VDF : 7.11.27.38 201216 Bytes 06.04.2012 23:02:16 Engineversion : 8.2.10.38 AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 01:07:16 AESCRIPT.DLL : 8.1.4.16 446842 Bytes 05.04.2012 12:34:39 AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 13:51:45 AESBX.DLL : 8.2.5.5 606579 Bytes 14.03.2012 13:26:15 AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 12:55:55 AEPACK.DLL : 8.2.16.9 807287 Bytes 01.04.2012 09:41:43 AEOFFICE.DLL : 8.1.2.27 201082 Bytes 05.04.2012 12:34:36 AEHEUR.DLL : 8.1.4.12 4604278 Bytes 05.04.2012 12:34:35 AEHELP.DLL : 8.1.19.1 254327 Bytes 03.04.2012 12:23:36 AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 13:45:03 AEEXP.DLL : 8.1.0.28 82292 Bytes 05.04.2012 12:34:41 AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17 AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 14:34:57 AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16 AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39 AVPREF.DLL : 10.0.3.2 44904 Bytes 21.07.2011 10:08:05 AVREP.DLL : 10.0.0.10 174120 Bytes 21.07.2011 10:08:06 AVARKT.DLL : 10.0.26.1 255336 Bytes 21.07.2011 10:07:41 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21.07.2011 10:07:59 SQLITE3.DLL : 3.6.19.0 355688 Bytes 21.07.2011 13:12:30 AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38 NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21.07.2011 10:11:03 RCTEXT.DLL : 10.0.64.0 98664 Bytes 21.07.2011 10:11:03 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: F:\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: quarantäne Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, G:, H:, I:, J:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Auszulassende Dateien.................: G:\Program Files (x86)\OriginGames, Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR, Beginn des Suchlaufs: Samstag, 7. April 2012 14:09 Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'AlertHelper.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'AI Suite II.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'EPUHelp.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'EC Simulator.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'pnSvc.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'V0700Mon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'AiChargerPlus.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'AsShellProcess.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'AsRoutineController.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'VRMHelp.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'pg_ctl.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'mounter.exe' - '10' Modul(e) wurden durchsucht Durchsuche Prozess 'AsSysCtrlService.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'aaHMSvc.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'atkexComSvc.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'H:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'I:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'J:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '153' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'E:\' <System 2> Beginne mit der Suche in 'F:\' <SSD> Beginne mit der Suche in 'G:\' <Programme> Das Verzeichnis 'G:\Program Files (x86)\OriginGames\' wurde von der Suche ausgenommen! Beginne mit der Suche in 'H:\' <Spiele> Beginne mit der Suche in 'I:\' <Musik/Filme> Beginne mit der Suche in 'J:\' <Sonstige Daten> Ende des Suchlaufs: Samstag, 7. April 2012 14:35 Benötigte Zeit: 26:03 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 21311 Verzeichnisse wurden überprüft 745444 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 745444 Dateien ohne Befall 19257 Archive wurden durchsucht 0 Warnungen 0 Hinweise 427188 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.07.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Mike :: MIKE-PC [Administrator] 07.04.2012 13:47:48 mbam-log-2012-04-07 (13-47-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366452 Laufzeit: 9 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter I:\Videos\ICQ_Contact_Revealer_1.0_Setup.exe Win32/Adware.ADON Anwendung I:\Videos\SoftonicDownloader_fuer_pdfgrabber.exe Variante von Win32/SoftonicDownloader.A Anwendung OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.04.2012 14:39:31 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mike\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,54 Gb Available Physical Memory | 84,75% Memory free 15,99 Gb Paging File | 13,41 Gb Available in Paging File | 83,89% Paging File free Paging file location(s): f:\pagefile.sys 16 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 30,20 Gb Total Space | 1,11 Gb Free Space | 3,66% Space Free | Partition Type: NTFS Drive D: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,55% Space Free | Partition Type: NTFS Drive F: | 50,88 Gb Total Space | 34,52 Gb Free Space | 67,84% Space Free | Partition Type: NTFS Drive G: | 146,48 Gb Total Space | 128,68 Gb Free Space | 87,85% Space Free | Partition Type: NTFS Drive H: | 292,97 Gb Total Space | 270,23 Gb Free Space | 92,24% Space Free | Partition Type: NTFS Drive I: | 97,66 Gb Total Space | 77,52 Gb Free Space | 79,38% Space Free | Partition Type: NTFS Drive J: | 394,40 Gb Total Space | 195,90 Gb Free Space | 49,67% Space Free | Partition Type: NTFS Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.07 14:14:07 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe PRC - [2012.03.18 12:51:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.01.20 15:29:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.08.22 08:48:12 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0700Mon.exe PRC - [2011.07.21 12:08:11 | 000,484,008 | ---- | M] (Avira GmbH) -- F:\Avira\AntiVir Desktop\avscan.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.21 12:07:48 | 000,400,040 | ---- | M] (Avira GmbH) -- F:\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.13 15:15:22 | 001,116,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe PRC - [2011.03.23 15:08:12 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2011.01.17 15:38:20 | 000,702,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe PRC - [2011.01.11 16:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2011.01.10 14:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.11.25 09:12:56 | 002,529,920 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe PRC - [2010.11.25 09:12:56 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe PRC - [2010.11.08 15:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.09.24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.03.18 12:51:14 | 001,969,080 | ---- | M] () -- F:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.16 17:45:43 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\052deceb97582fe7bd7eefd13e0c590c\IAStorUtil.ni.dll MOD - [2012.02.16 15:45:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 01:32:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 01:32:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 01:32:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 01:32:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 01:32:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 01:32:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.10.28 17:30:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll MOD - [2011.10.28 17:30:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.07.21 15:12:30 | 000,355,688 | ---- | M] () -- F:\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.04.07 17:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2011.03.23 15:05:04 | 000,964,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2011.02.24 10:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2011.02.09 09:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll MOD - [2011.01.19 21:23:40 | 001,655,296 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll MOD - [2011.01.13 16:47:34 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2011.01.07 16:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2010.11.25 15:12:54 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll MOD - [2010.11.25 15:12:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll MOD - [2010.11.25 15:12:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll MOD - [2010.11.25 15:12:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll MOD - [2010.11.25 09:12:56 | 000,703,488 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll MOD - [2010.11.25 09:12:56 | 000,661,504 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll MOD - [2010.11.25 09:12:56 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll MOD - [2010.11.25 09:12:56 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll MOD - [2010.08.06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV - [2012.04.07 13:20:27 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.20 15:29:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.10.12 16:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- G:\Program Files (x86)\Sanboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.01.10 14:49:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter) SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.09.06 18:00:02 | 000,393,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0700Vid.sys -- (V0700Vid) DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.06.19 16:35:09 | 000,196,704 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.03.13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.03.13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.10 14:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan) DRV:64bit: - [2010.12.08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010.12.08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.08 14:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010.08.10 11:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.10.12 16:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- G:\Program Files (x86)\Sanboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3C F5 F7 B2 14 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 12:51:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 12:51:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.27 21:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions [2012.04.07 14:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\opdtbcxv.default\extensions () (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPDTBCXV.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI () (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPDTBCXV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPDTBCXV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\java\bin\jp2ssv.dll File not found O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\java\bin\jp2ssv.dll File not found O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0700Ext.ax] C:\Windows\SysNative\V0700Ext.ax (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] F:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0700Ext.ax] C:\Windows\SysWOW64\V0700Ext.ax (Creative Technology Ltd.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [V0700Mon.exe] C:\Windows\V0700Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [SandboxieControl] G:\Program Files (x86)\Sanboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - G:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - G:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF8D2BF-5048-4E52-B7DD-E803BD7C28FA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5D2243-154F-471D-9E00-4BFD610EBE5F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.21 10:06:07 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2012.01.23 21:29:58 | 000,000,000 | ---D | M] - J:\Auto -- [ NTFS ] O32 - AutoRun File - [2012.01.07 18:51:55 | 000,000,000 | ---D | M] - J:\Auto (ACER-61A6DBAC4E) -- [ NTFS ] O33 - MountPoints2\{02a84a2b-1367-11e1-b1e1-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{02a84a2b-1367-11e1-b1e1-14dae90ea702}\Shell\AutoRun\command - "" = Y:\INSTALL.EXE O33 - MountPoints2\{06c67fcc-0157-11e1-b641-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{06c67fcc-0157-11e1-b641-14dae90ea702}\Shell\AutoRun\command - "" = X:\autorun.exe O33 - MountPoints2\{06c67fd4-0157-11e1-b641-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{06c67fd4-0157-11e1-b641-14dae90ea702}\Shell\AutoRun\command - "" = Y:\autorun.exe O33 - MountPoints2\{7a35409f-bf4d-11e0-a15d-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{7a35409f-bf4d-11e0-a15d-14dae90ea702}\Shell\AutoRun\command - "" = X:\Autorun.exe O33 - MountPoints2\{7b45aa42-be7c-11e0-88e1-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{7b45aa42-be7c-11e0-88e1-14dae90ea702}\Shell\AutoRun\command - "" = V:\Autorun.exe O33 - MountPoints2\{7b45aa58-be7c-11e0-88e1-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{7b45aa58-be7c-11e0-88e1-14dae90ea702}\Shell\AutoRun\command - "" = X:\Autorun.exe O33 - MountPoints2\{ac815101-d0d8-11e0-9f9f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ac815101-d0d8-11e0-9f9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CheckID.exe O33 - MountPoints2\{f4939195-12ac-11e1-9ac3-14dae90ea702}\Shell - "" = AutoRun O33 - MountPoints2\{f4939195-12ac-11e1-9ac3-14dae90ea702}\Shell\AutoRun\command - "" = Y:\INSTALL.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.07 14:14:04 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.04.07 13:46:14 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes [2012.04.07 13:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.07 13:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.07 13:46:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.04.07 13:15:45 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.03.31 12:12:06 | 008,738,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.03.31 11:41:09 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.03.14 22:27:33 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.14 22:27:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.14 22:27:32 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.14 15:28:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.14 15:27:15 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.14 15:27:15 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.14 15:27:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.14 15:27:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.14 15:27:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.10 04:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.03.10 04:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat ========== Files - Modified Within 30 Days ========== [2012.04.07 14:14:07 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.04.07 14:12:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.07 13:46:12 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.07 13:22:02 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 13:22:02 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 13:20:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.04.07 13:20:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.04.07 13:18:57 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.07 13:18:57 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.07 13:18:57 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.07 13:18:57 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.07 13:18:57 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.07 13:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.07 13:13:46 | 4276,572,158 | -HS- | M] () -- C:\hiberfil.sys [2012.03.31 12:12:06 | 008,738,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.03.25 17:07:52 | 000,019,229 | ---- | M] () -- C:\Users\Mike\Desktop\Dokument.rtf [2012.03.15 16:32:26 | 000,290,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.04.07 13:46:12 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.07 04:22:18 | 4276,572,158 | -HS- | C] () -- C:\hiberfil.sys [2012.03.31 11:41:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.02.24 18:16:31 | 000,072,337 | ---- | C] () -- C:\Program Files (x86)\EULA.deu [2012.02.23 21:37:13 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2012.02.11 00:38:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.01.20 15:14:38 | 000,001,224 | ---- | C] () -- C:\Windows\wininit.ini [2011.10.30 23:29:56 | 000,010,280 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.10.28 01:27:53 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.23 18:22:35 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Local\PUTTY.RND [2011.08.28 13:27:06 | 000,281,880 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.28 13:27:05 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.08.28 13:27:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.28 12:38:51 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2011.08.27 22:37:54 | 000,007,598 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg [2011.08.27 22:22:56 | 005,225,680 | ---- | C] () -- C:\Windows\PE_Rom.dll [2011.08.27 20:57:11 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.08.27 20:57:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.08.27 20:45:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.08.27 20:44:54 | 000,027,406 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll [2010.08.03 07:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys ========== LOP Check ========== [2012.02.29 02:20:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DesktopIconForAmazon [2011.09.23 18:40:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FileZilla [2012.02.23 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\HEM Data [2012.04.01 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ [2011.09.08 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQa [2011.10.28 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IDoser [2011.10.31 00:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Origin [2012.02.24 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PacificPoker [2012.03.06 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\postgresql [2011.08.29 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer [2011.08.27 23:34:58 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\wargaming.net [2012.03.08 15:41:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extra OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.04.2012 14:39:31 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mike\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,54 Gb Available Physical Memory | 84,75% Memory free 15,99 Gb Paging File | 13,41 Gb Available in Paging File | 83,89% Paging File free Paging file location(s): f:\pagefile.sys 16 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 30,20 Gb Total Space | 1,11 Gb Free Space | 3,66% Space Free | Partition Type: NTFS Drive D: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,55% Space Free | Partition Type: NTFS Drive F: | 50,88 Gb Total Space | 34,52 Gb Free Space | 67,84% Space Free | Partition Type: NTFS Drive G: | 146,48 Gb Total Space | 128,68 Gb Free Space | 87,85% Space Free | Partition Type: NTFS Drive H: | 292,97 Gb Total Space | 270,23 Gb Free Space | 92,24% Space Free | Partition Type: NTFS Drive I: | 97,66 Gb Total Space | 77,52 Gb Free Space | 79,38% Space Free | Partition Type: NTFS Drive J: | 394,40 Gb Total Space | 195,90 Gb Free Space | 49,67% Space Free | Partition Type: NTFS Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Creative VF0700" = Creative Live! Cam Chat HD (VF0700) (1.00.06.00) "DesktopIconAmazon" = Desktop Icon für Amazon "HoldemManager" = Holdem Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PROSetDX" = Intel(R) Network Connections 15.6.25.0 "Sandboxie" = Sandboxie 3.60 (64-bit) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 10 "{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.1 "{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™ "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "5513-1208-7298-9440" = JDownloader 0.9 "888poker" = 888poker "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Call of Duty" = Call of Duty "DokanLibrary" = Dokan Library 0.6.0 "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.3" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "I-Doser" = I-Doser Free "InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "PunkBusterSvc" = PunkBuster Services "WinCDEmu" = WinCDEmu "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Sind da jetzt noch Reste des BKA Trojaners vorhanden ? Ist es Sicher Passwörter über den PC zu verändern oder sollte ich vorsichtshalber einen anderen benutzen ? Ich bedanke mich im voraus für Hilfe. Mfg |
Themen zu BKA Trojaner 3.04 Systemwiederherstellung aktiviert noch Reste vom Trojaner vorhanden ? |
antivir, autorun, avg, backdoor, bho, call of duty, dateisystem, desktop, error, flash player, grand theft auto, helper.exe, heuristiks/extra, heuristiks/shuriken, home, installation, jdownloader, langs, launch, logfile, monitor.exe, mozilla, nt.dll, nvidia update, object, plug-in, programm, prozesse, realtek, registry, rundll, searchscopes, security, software, teamspeak, trojaner, usb 3.0, verweise, viren, virus, win32/softonicdownloader.a, windows, world at war |