| |
| |||||||
Log-Analyse und Auswertung: Trojaner "Bundespolizei"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.04.2011, 18:06
| #1 |
 |  Trojaner "Bundespolizei" Hallo leute, habe folgendes problem, wie auch schon ein user gestern hatte. Es erscheint ein logo der bundespolizei mit der aufforderung 100euro zu bezahlen. wie ich schon im forum gelesen habe, hatte schon ein anderer user dieses problem. habe alles wie dort beschrieben mit OTLPE gemacht und habe nun die text datei. was muss ich nun mit dieser machen? vielen dank für die hilfe. |
|
12.04.2011, 19:34
| #2 |
| /// Malware-holic   | Trojaner "Bundespolizei" na hier anhängen :-)
__________________erst auf nem usb stick kopieren, auf nen rechner mit inet, und dann anhängen.
__________________ |
|
12.04.2011, 19:55
| #3 |
| | Trojaner "Bundespolizei" hey danke schonmal für die antwort.. aber wie geht es dann weiter? kannst du dann daraus lesen was los ist und mir sagen wie ich das ding losbekomme?
__________________vielen dank gruß hauke |
|
12.04.2011, 20:00
| #4 |
| /// Malware-holic | Trojaner "Bundespolizei" diese logs zeigen mir einige infos über dein system, erstellte dateien, autostart einträge laufende services, driver toolbars, usw. usw. daraus kann ich ersehen, welche einträge für den trojaner start verantwortlich sind, welche dateien dazu gehören. und dann gehts ihnen an den kragen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.04.2011, 20:07
| #5 |
| | Trojaner "Bundespolizei" ok gut. hier ist das ding, hoffe dass das so ok ist.OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/12/2011 7:25:54 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 61.34 Gb Free Space | 41.16% Space Free | Partition Type: NTFS
Drive D: | 139.28 Gb Total Space | 57.28 Gb Free Space | 41.12% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2010/09/06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/02/26 12:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) [Auto] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/08/05 06:13:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 12:52:13 | 000,045,056 | ---- | M] (TMRG, Inc.) [Auto] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2009/01/13 05:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/07 04:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 21:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
========== Driver Services (SafeList) ==========
DRV - File not found [Recognizer | On_Demand] -- -- (Rtlvdrcss)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/12/07 17:01:01 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 17:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/16 13:04:44 | 000,371,200 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2u.sys -- (RL_DJIFIE2_USB)
DRV - [2009/04/16 13:04:42 | 000,033,792 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2a.sys -- (RL_DJIFIE2_WDM)
DRV - [2009/04/16 12:08:30 | 000,025,088 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2m.sys -- (RL_DJIFIE2_MIDI)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/13 05:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/10/16 13:51:28 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/05 08:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/28 11:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/06/03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/19 20:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/05/13 02:35:23 | 001,772,544 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/14 17:56:01 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/11/13 09:24:46 | 000,132,096 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mausbft.sys -- (MAUSBFT) Service for M-Audio Fast Track USB (WDM)
DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\salva_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\salva_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\salva_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\salva_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2009/09/20 10:05:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/06 18:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/20 10:06:52 | 000,000,000 | ---D | M]
[2011/01/24 20:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 10:26:35 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/07 10:26:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/07 10:26:35 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/07 10:26:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/07 10:26:35 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\salva_ON_C..\Run: [EA Core] File not found
O4 - HKU\salva_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\salva_ON_C Winlogon: Shell - (C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe) - C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe (Gvqid Chqvjb)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2008/06/03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007/07/04 05:28:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
========== Files - Modified Within 30 Days ==========
[2011/04/12 12:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/12 12:00:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/12 12:00:14 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/04/12 11:59:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 11:59:56 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 11:59:40 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 11:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 11:02:08 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/12 03:53:38 | 000,007,592 | ---- | M] () -- C:\Users\salva\AppData\Local\d3d9caps.dat
[2011/04/11 17:51:30 | 000,637,090 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/11 17:51:30 | 000,603,042 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/11 17:51:30 | 000,130,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/11 17:51:30 | 000,106,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job
[2011/03/16 16:35:44 | 000,023,673 | ---- | M] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf
[2011/03/15 03:21:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/14 05:57:35 | 000,180,580 | ---- | M] () -- C:\Users\salva\Desktop\inspireart.pdf
[2011/03/14 05:57:27 | 000,091,314 | ---- | M] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf
========== Files Created - No Company Name ==========
[2011/03/16 16:35:44 | 000,023,673 | ---- | C] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf
[2011/03/14 05:57:35 | 000,180,580 | ---- | C] () -- C:\Users\salva\Desktop\inspireart.pdf
[2011/03/14 05:57:27 | 000,091,314 | ---- | C] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf
[2011/03/02 05:58:28 | 000,007,592 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d9caps.dat
[2009/12/25 08:00:16 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/11/27 11:26:21 | 000,000,552 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d8caps.dat
[2009/10/21 12:19:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009/08/18 11:26:18 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
[2009/06/19 12:55:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/19 12:55:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/04 15:12:06 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009/01/25 14:38:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/18 08:23:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/13 05:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/01/05 17:37:11 | 000,000,127 | ---- | C] () -- C:\Users\salva\AppData\default.pls
[2009/01/04 22:03:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/01 15:03:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/30 08:12:29 | 000,029,184 | ---- | C] () -- C:\Users\salva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 07:55:16 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/30 07:54:22 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/30 04:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/09/18 03:51:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008/09/18 03:41:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008/09/18 01:42:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/13 02:35:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/04/16 07:11:34 | 000,637,090 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 07:11:34 | 000,130,000 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/05/09 03:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/04/16 06:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,403,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,603,042 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/18 23:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/08 21:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/04/03 10:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2002/03/21 10:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/06 15:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
========== LOP Check ==========
[2009/01/01 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ACD Systems
[2010/02/22 09:38:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Antares
[2011/03/31 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ICQ
[2011/01/08 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Leadertech
[2009/01/16 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Mp3tag
[2009/03/02 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\OpenOffice.org
[2009/02/28 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Opera
[2009/08/18 12:14:29 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\REAPER
[2008/12/31 00:32:40 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SpeedProject
[2009/10/24 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Steganos
[2010/08/31 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Thunderbird
[2009/01/01 12:34:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/12/31 07:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/11/21 16:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/01/08 16:06:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/24 20:22:42 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2010/11/09 18:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/02/08 10:12:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2009/01/26 18:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010/11/09 18:08:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2008/09/18 03:41:09 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2010/11/21 15:39:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/04/10 13:01:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/11/09 18:08:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{20EFD19B-675C-417B-A498-B0161D72FF88}
[2010/08/20 10:08:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/09/18 01:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/06/25 07:24:12 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/09 17:39:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2010/11/09 18:09:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EABD1E45-B7E9-4848-8E7A-C9D68488B361}
[2011/04/12 12:00:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job
========== Purity Check ==========
========== Custom Scans ==========
< OTL logfile created on: 4/12/2011 7:22:45 PM - Run >
Invalid Switch: 2011 7:22:45 PM - Run
< OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE >
< Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System >
< Internet Explorer (Version = 8.0.6001.19019) >
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
< 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free >
< 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free >
< Paging file location(s): ?:\pagefile.sys [binary data] >
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
< Drive C: | 149.04 Gb Total Space | 61.34 Gb Free Space | 41.16% Space Free | Partition Type: NTFS >
< Drive D: | 139.28 Gb Total Space | 57.28 Gb Free Space | 41.12% Space Free | Partition Type: NTFS >
< Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS >
< Computer Name: REATOGO | User Name: SYSTEM >
< Boot Mode: Normal | Scan Mode: All users >
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
< Using ControlSet: ControlSet001 >
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]
< SRV - [2010/09/06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) >
Invalid Switch: 06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
< SRV - [2010/02/26 12:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) [Auto] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) >
Invalid Switch: 26 12:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) [Auto] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
< SRV - [2009/08/05 06:13:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) >
Invalid Switch: 05 06:13:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
< SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) >
Invalid Switch: 13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
< SRV - [2009/03/30 12:52:13 | 000,045,056 | ---- | M] (TMRG, Inc.) [Auto] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge) >
Invalid Switch: 30 12:52:13 | 000,045,056 | ---- | M] (TMRG, Inc.) [Auto] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
< SRV - [2009/01/13 05:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) >
Invalid Switch: 13 05:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
< SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) >
Invalid Switch: 18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
< SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) >
Invalid Switch: 20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
< SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) >
Invalid Switch: 03 00:53:00 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
< SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) >
Invalid Switch: 08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
< SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) >
Invalid Switch: 03 15:24:54 | 000,125,496 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
< SRV - [2007/02/07 04:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker) >
Invalid Switch: 07 04:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
< SRV - [2006/06/21 21:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel) >
Invalid Switch: 21 21:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]
< DRV - File not found [Recognizer | On_Demand] -- -- (Rtlvdrcss) >
< DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) >
< DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) >
< DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) >
< DRV - [2009/12/07 17:01:01 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) >
Invalid Switch: 07 17:01:01 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
< DRV - [2009/05/28 17:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) >
Invalid Switch: 28 17:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
< DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) >
Invalid Switch: 11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
< DRV - [2009/04/16 13:04:44 | 000,371,200 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2u.sys -- (RL_DJIFIE2_USB) >
Invalid Switch: 16 13:04:44 | 000,371,200 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2u.sys -- (RL_DJIFIE2_USB)
< DRV - [2009/04/16 13:04:42 | 000,033,792 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2a.sys -- (RL_DJIFIE2_WDM) >
Invalid Switch: 16 13:04:42 | 000,033,792 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2a.sys -- (RL_DJIFIE2_WDM)
< DRV - [2009/04/16 12:08:30 | 000,025,088 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2m.sys -- (RL_DJIFIE2_MIDI) >
Invalid Switch: 16 12:08:30 | 000,025,088 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rldjif2m.sys -- (RL_DJIFIE2_MIDI)
< DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) >
Invalid Switch: 30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
< DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) >
Invalid Switch: 13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
< DRV - [2009/01/13 05:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) >
Invalid Switch: 13 05:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
< DRV - [2008/10/16 13:51:28 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) >
Invalid Switch: 16 13:51:28 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
< DRV - [2008/09/05 08:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) >
Invalid Switch: 05 08:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
< DRV - [2008/08/28 11:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) >
Invalid Switch: 28 11:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
< DRV - [2008/06/03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) >
Invalid Switch: 03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
< DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby) >
Invalid Switch: 29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
< DRV - [2008/05/19 20:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) >
Invalid Switch: 19 20:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
< DRV - [2008/05/13 02:35:23 | 001,772,544 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) >
Invalid Switch: 13 02:35:23 | 001,772,544 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
< DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) >
Invalid Switch: 21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
< DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) >
Invalid Switch: 15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
< DRV - [2008/02/14 17:56:01 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) >
Invalid Switch: 14 17:56:01 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
< DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) >
Invalid Switch: 18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
< DRV - [2007/11/13 09:24:46 | 000,132,096 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mausbft.sys -- (MAUSBFT) Service for M-Audio Fast Track USB (WDM) >
Invalid Switch: 13 09:24:46 | 000,132,096 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mausbft.sys -- (MAUSBFT) Service for M-Audio Fast Track USB (WDM)
< DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) >
Invalid Switch: 03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
< DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) >
Invalid Switch: 30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
< DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) >
Invalid Switch: 30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
< DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) >
Invalid Switch: 24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
< DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) >
Invalid Switch: 17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
< DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) >
Invalid Switch: 25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
< DRV - [2007/01/25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) >
Invalid Switch: 25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
< DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) >
Invalid Switch: 18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
< DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) >
Invalid Switch: 14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
< DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) >
Invalid Switch: 02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]
< ========== Internet Explorer ========== >
Invalid Switch: color]
< IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc. >
Invalid Switch: ASUSTeK Computer Inc.
< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc. >
Invalid Switch: ASUSTeK Computer Inc.
< IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche >
Invalid Switch:
< IE - HKU\salva_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 >
< IE - HKU\salva_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found >
< IE - HKU\salva_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >
< IE - HKU\salva_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< IE - HKU\salva_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local >
< FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2009/09/20 10:05:26 | 000,000,000 | ---D | M] >
Invalid Switch: 20 10:05:26 | 000,000,000 | ---D | M]
< FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:18:17 | 000,000,000 | ---D | M] >
Invalid Switch: 23 17:18:17 | 000,000,000 | ---D | M]
< FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:18:17 | 000,000,000 | ---D | M] >
Invalid Switch: 23 17:18:17 | 000,000,000 | ---D | M]
< FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/06 18:41:08 | 000,000,000 | ---D | M] >
Invalid Switch: 06 18:41:08 | 000,000,000 | ---D | M]
< FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/20 10:06:52 | 000,000,000 | ---D | M] >
Invalid Switch: 20 10:06:52 | 000,000,000 | ---D | M]
< [2011/01/24 20:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions >
Invalid Switch: 24 20:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
< [2011/03/07 10:26:35 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml >
Invalid Switch: 07 10:26:35 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
< [2011/03/07 10:26:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml >
Invalid Switch: 07 10:26:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
< [2011/03/07 10:26:35 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml >
Invalid Switch: 07 10:26:35 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
< [2011/03/07 10:26:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml >
Invalid Switch: 07 10:26:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
< [2011/03/07 10:26:35 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml >
Invalid Switch: 07 10:26:35 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
< O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
Invalid Switch: 18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
< O1 - Hosts: 127.0.0.1 localhost >
< O1 - Hosts: ::1 localhost >
< O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) >
< O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.) >
< O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) >
< O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () >
< O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) >
< O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe () >
< O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) >
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
< O4 - HKLM..\Run: [CLMLServer] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink) >
< O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation) >
< O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation) >
< O4 - HKLM..\Run: [Device Detector] File not found >
< O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () >
< O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) >
< O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) >
< O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) >
< O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) >
< O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) >
< O4 - HKLM..\Run: [PCMAgent] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.) >
< O4 - HKLM..\Run: [PlayMovie] C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.) >
< O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
< O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () >
< O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) >
< O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
< O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
< O4 - HKU\salva_ON_C..\Run: [EA Core] File not found >
< O4 - HKU\salva_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) >
< O4 - Startup: Error locating startup folders. >
< O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.) >
< O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.) >
< O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) >
< O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) >
< O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) >
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) >
< O13 - gopher Prefix: missing >
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) >
Invalid Switch: jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
< O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) >
Invalid Switch: jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) >
Invalid Switch: jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
< O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) >
Invalid Switch: OberonGameHost.cab (Oberon Flash Game Host)
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 >
< O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) >
< O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation) >
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
< O20 - HKU\salva_ON_C Winlogon: Shell - (C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe) - C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe (Gvqid Chqvjb) >
< O32 - HKLM CDRom: AutoRun - 1 >
< O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
Invalid Switch: 18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
< O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] >
Invalid Switch: 24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >
< O35 - HKLM\..comfile [open] -- "%1" %* >
< O35 - HKLM\..exefile [open] -- "%1" %* >
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]
< [2011/03/23 03:25:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll >
Invalid Switch: 23 03:25:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
< [2011/03/23 03:25:18 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll >
Invalid Switch: 23 03:25:18 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
< [2008/06/03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys >
Invalid Switch: 03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
< [2007/07/04 05:28:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll >
Invalid Switch: 04 05:28:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]
< [2011/04/12 12:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
Invalid Switch: 12 12:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
< [2011/04/12 12:00:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat >
Invalid Switch: 12 12:00:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
< [2011/04/12 12:00:14 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe >
Invalid Switch: 12 12:00:14 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
< [2011/04/12 11:59:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
Invalid Switch: 12 11:59:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
< [2011/04/12 11:59:56 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.001 >
Invalid Switch: 12 11:59:56 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.001
< [2011/04/12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 >
Invalid Switch: 12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
< [2011/04/12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 >
Invalid Switch: 12 11:59:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
< [2011/04/12 11:59:40 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys >
Invalid Switch: 12 11:59:40 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
< [2011/04/12 11:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
Invalid Switch: 12 11:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
< [2011/04/12 11:02:08 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.dat >
Invalid Switch: 12 11:02:08 | 000,319,387 | ---- | M] () -- C:\ProgramData\nvModes.dat
< [2011/04/12 03:53:38 | 000,007,592 | ---- | M] () -- C:\Users\salva\AppData\Local\d3d9caps.dat >
Invalid Switch: 12 03:53:38 | 000,007,592 | ---- | M] () -- C:\Users\salva\AppData\Local\d3d9caps.dat
< [2011/04/11 17:51:30 | 000,637,090 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
Invalid Switch: 11 17:51:30 | 000,637,090 | ---- | M] () -- C:\Windows\System32\perfh007.dat
< [2011/04/11 17:51:30 | 000,603,042 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
Invalid Switch: 11 17:51:30 | 000,603,042 | ---- | M] () -- C:\Windows\System32\perfh009.dat
< [2011/04/11 17:51:30 | 000,130,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
Invalid Switch: 11 17:51:30 | 000,130,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat
< [2011/04/11 17:51:30 | 000,106,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
Invalid Switch: 11 17:51:30 | 000,106,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
< [2011/04/11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job >
Invalid Switch: 11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job
< [2011/03/16 16:35:44 | 000,023,673 | ---- | M] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf >
Invalid Switch: 16 16:35:44 | 000,023,673 | ---- | M] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf
< [2011/03/15 03:21:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight >
Invalid Switch: 15 03:21:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
< [2011/03/14 05:57:35 | 000,180,580 | ---- | M] () -- C:\Users\salva\Desktop\inspireart.pdf >
Invalid Switch: 14 05:57:35 | 000,180,580 | ---- | M] () -- C:\Users\salva\Desktop\inspireart.pdf
< [2011/03/14 05:57:27 | 000,091,314 | ---- | M] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf >
Invalid Switch: 14 05:57:27 | 000,091,314 | ---- | M] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]
< [2011/03/16 16:35:44 | 000,023,673 | ---- | C] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf >
Invalid Switch: 16 16:35:44 | 000,023,673 | ---- | C] () -- C:\Users\salva\Desktop\1011392_7f3659b3fb3174920b3ed9c1b5427e8a.pdf
< [2011/03/14 05:57:35 | 000,180,580 | ---- | C] () -- C:\Users\salva\Desktop\inspireart.pdf >
Invalid Switch: 14 05:57:35 | 000,180,580 | ---- | C] () -- C:\Users\salva\Desktop\inspireart.pdf
< [2011/03/14 05:57:27 | 000,091,314 | ---- | C] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf >
Invalid Switch: 14 05:57:27 | 000,091,314 | ---- | C] () -- C:\Users\salva\Desktop\Gesellschaftsrecht.pdf
< [2011/03/02 05:58:28 | 000,007,592 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d9caps.dat >
Invalid Switch: 02 05:58:28 | 000,007,592 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d9caps.dat
< [2009/12/25 08:00:16 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini >
Invalid Switch: 25 08:00:16 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
< [2009/11/27 11:26:21 | 000,000,552 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d8caps.dat >
Invalid Switch: 27 11:26:21 | 000,000,552 | ---- | C] () -- C:\Users\salva\AppData\Local\d3d8caps.dat
< [2009/10/21 12:19:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI >
Invalid Switch: 21 12:19:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
< [2009/08/18 11:26:18 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat >
Invalid Switch: 18 11:26:18 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
< [2009/06/19 12:55:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin >
Invalid Switch: 19 12:55:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
< [2009/06/19 12:55:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll >
Invalid Switch: 19 12:55:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
< [2009/03/04 15:12:06 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin >
Invalid Switch: 04 15:12:06 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
< [2009/01/25 14:38:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat >
Invalid Switch: 25 14:38:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
< [2009/01/18 08:23:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat >
Invalid Switch: 18 08:23:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
< [2009/01/13 05:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll >
Invalid Switch: 13 05:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
< [2009/01/05 17:37:11 | 000,000,127 | ---- | C] () -- C:\Users\salva\AppData\default.pls >
Invalid Switch: 05 17:37:11 | 000,000,127 | ---- | C] () -- C:\Users\salva\AppData\default.pls
< [2009/01/04 22:03:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin >
Invalid Switch: 04 22:03:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< [2009/01/01 15:03:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini >
Invalid Switch: 01 15:03:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
< [2008/12/30 08:12:29 | 000,029,184 | ---- | C] () -- C:\Users\salva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 30 08:12:29 | 000,029,184 | ---- | C] () -- C:\Users\salva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< [2008/12/30 07:55:16 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.001 >
Invalid Switch: 30 07:55:16 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.001
< [2008/12/30 07:54:22 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.dat >
Invalid Switch: 30 07:54:22 | 000,319,387 | ---- | C] () -- C:\ProgramData\nvModes.dat
< [2008/12/30 04:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini >
Invalid Switch: 30 04:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
< [2008/09/18 03:51:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe >
Invalid Switch: 18 03:51:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
< [2008/09/18 03:41:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe >
Invalid Switch: 18 03:41:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
< [2008/09/18 01:42:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat >
Invalid Switch: 18 01:42:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
< [2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll >
Invalid Switch: 01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
< [2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg >
Invalid Switch: 22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
< [2008/05/13 02:35:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys >
Invalid Switch: 13 02:35:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
< [2008/04/16 07:11:34 | 000,637,090 | ---- | C] () -- C:\Windows\System32\perfh007.dat >
Invalid Switch: 16 07:11:34 | 000,637,090 | ---- | C] () -- C:\Windows\System32\perfh007.dat
< [2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat >
Invalid Switch: 16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
< [2008/04/16 07:11:34 | 000,130,000 | ---- | C] () -- C:\Windows\System32\perfc007.dat >
Invalid Switch: 16 07:11:34 | 000,130,000 | ---- | C] () -- C:\Windows\System32\perfc007.dat
< [2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat >
Invalid Switch: 16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
< [2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini >
Invalid Switch: 16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
< [2007/05/09 03:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys >
Invalid Switch: 09 03:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
< [2007/04/16 06:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin >
Invalid Switch: 16 06:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
< [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat >
Invalid Switch: 02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
< [2006/11/02 08:47:37 | 000,403,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT >
Invalid Switch: 02 08:47:37 | 000,403,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
< [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll >
Invalid Switch: 02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
< [2006/11/02 06:33:01 | 000,603,042 | ---- | C] () -- C:\Windows\System32\perfh009.dat >
Invalid Switch: 02 06:33:01 | 000,603,042 | ---- | C] () -- C:\Windows\System32\perfh009.dat
< [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat >
Invalid Switch: 02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
< [2006/11/02 06:33:01 | 000,106,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat >
Invalid Switch: 02 06:33:01 | 000,106,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
< [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat >
Invalid Switch: 02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
< [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat >
Invalid Switch: 02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
< [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin >
Invalid Switch: 02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
< [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT >
Invalid Switch: 02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
< [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini >
Invalid Switch: 02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat >
Invalid Switch: 02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
< [2006/05/18 23:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini >
Invalid Switch: 18 23:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
< [2006/03/08 21:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll >
Invalid Switch: 08 21:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< [2005/04/03 10:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll >
Invalid Switch: 03 10:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
< [2002/03/21 10:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL >
Invalid Switch: 21 10:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
< [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll >
Invalid Switch: 14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< [1998/05/06 15:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll >
Invalid Switch: 06 15:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
< ========== LOP Check ========== >
Invalid Switch: color]
< [2009/01/01 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ACD Systems >
Invalid Switch: 01 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ACD Systems
< [2010/02/22 09:38:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Antares >
Invalid Switch: 22 09:38:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Antares
< [2011/03/31 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ICQ >
Invalid Switch: 31 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\ICQ
< [2011/01/08 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Leadertech >
Invalid Switch: 08 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Leadertech
< [2009/01/16 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Mp3tag >
Invalid Switch: 16 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Mp3tag
< [2009/03/02 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\OpenOffice.org >
Invalid Switch: 02 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\OpenOffice.org
< [2009/02/28 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Opera >
Invalid Switch: 28 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Opera
< [2009/08/18 12:14:29 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\REAPER >
Invalid Switch: 18 12:14:29 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\REAPER
< [2008/12/31 00:32:40 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SpeedProject >
Invalid Switch: 31 00:32:40 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SpeedProject
< [2009/10/24 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Steganos >
Invalid Switch: 24 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Steganos
< [2010/08/31 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Thunderbird >
Invalid Switch: 31 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Thunderbird
< [2009/01/01 12:34:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems >
Invalid Switch: 01 12:34:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
< [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data >
Invalid Switch: 02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
< [2008/12/31 07:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS >
Invalid Switch: 31 07:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
< [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop >
Invalid Switch: 02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
< [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents >
Invalid Switch: 02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
< [2010/11/21 16:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core >
Invalid Switch: 21 16:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
< [2011/01/08 16:06:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts >
Invalid Switch: 08 16:06:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
< [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites >
Invalid Switch: 02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
< [2011/01/24 20:22:42 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF >
Invalid Switch: 24 20:22:42 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
< [2010/11/09 18:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ >
Invalid Switch: 09 18:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
< [2009/02/08 10:12:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm >
Invalid Switch: 08 10:12:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
< [2009/01/26 18:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe >
Invalid Switch: 26 18:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
< [2010/11/09 18:08:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments >
Invalid Switch: 09 18:08:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
< [2008/09/18 03:41:09 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G >
Invalid Switch: 18 03:41:09 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
< [2010/11/21 15:39:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield >
Invalid Switch: 21 15:39:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
< [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu >
Invalid Switch: 02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
< [2009/04/10 13:01:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp >
Invalid Switch: 10 13:01:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
< [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates >
Invalid Switch: 02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
< [2010/11/09 18:08:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{20EFD19B-675C-417B-A498-B0161D72FF88} >
Invalid Switch: 09 18:08:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{20EFD19B-675C-417B-A498-B0161D72FF88}
< [2010/08/20 10:08:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >
Invalid Switch: 20 10:08:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
< [2008/09/18 01:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} >
Invalid Switch: 18 01:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
< [2009/06/25 07:24:12 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} >
Invalid Switch: 25 07:24:12 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
< [2010/11/09 17:39:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} >
Invalid Switch: 09 17:39:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
< [2010/11/09 18:09:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EABD1E45-B7E9-4848-8E7A-C9D68488B361} >
Invalid Switch: 09 18:09:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EABD1E45-B7E9-4848-8E7A-C9D68488B361}
< [2011/04/12 12:00:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT >
Invalid Switch: 12 12:00:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< [2011/04/11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job >
Invalid Switch: 11 17:51:13 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2B2ED1B1-96FA-4109-BA81-866D0CACB5E9}.job
< ========== Purity Check ========== >
Invalid Switch: color]
< < End of report >
--- --- --- > < End of report > |
|
12.04.2011, 20:27
| #6 |
| /// Malware-holic | Trojaner "Bundespolizei" wir haben hier nen problem. du musst auf folgendes achten. bei dir sind die zu löschenden dateien so lang. das passt nicht in eine zeile, muss aber in dem fenster von otl alles so stehen wie ich sage. in der ersten zeile das :OTL und darunter der komplette o20 eintrag bis zu Chqvjb) wenn es also zu lang ist, stelle dich ans ende der zweiten zeile und drücke entfernen, das musste den rest nach oben ziehen. in der dritten zeile kommt dann :FILES und darunter der eintrag c:\... und in der vierten gehts weiter mit :Commants auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O20 - HKU\salva_ON_C Winlogon: Shell - (C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe) - C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe (Gvqid :Files C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt auf deinem stick. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. öffne computer, öffne c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ --> Trojaner "Bundespolizei" |
|
12.04.2011, 20:51
| #7 |
| | Trojaner "Bundespolizei" hey danke dass du immer so schnell antwortest... ich werde versuchen das so zu machen wie du gesagt hast, allerdings bin ich ein laie wenn es um solche sachen geht  meinst du in deinem ersten absatz mit dem entfernen, dass ich das in der OTL textdatei machen soll? vielen dank |
|
13.04.2011, 10:28
| #8 |
| /// Malware-holic | Trojaner "Bundespolizei" so muss das dann aussehen:  das forum bricht die zeile um. wenn du das im otl fenster einfügst, stellst du dich an das ende der zeile, wo umgebrochen wurde, drückst auf entf und das wird nach oben gezogen. das selbe machst du nach :files so das es dann so aussieht wie bei mir.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.04.2011, 18:54
| #9 |
| | Trojaner "Bundespolizei" hey, also wie ich gelesen habe, haben viele andere das gleiche problem wie ich.. in einem anderen thread hast du geschrieben, dass es wenn man onlinebanking usw. benutzt besser ist, wenn man ganze system neudraufzieht.. ich denke das ist in meiner situation besser.. kann ich das jetzt direkt machen ohne den trojaner vorher zu entfernen? und wie sicher ich jetzt am besten meine daten? wahrscheinlich muss ich den trojaner vorher entfernen sonst zieh ich ja die infizierte datei gleich wieder drauf oder? vielen dank für deine hilfe! gruß hauke |
|
13.04.2011, 19:00
| #10 |
| /// Malware-holic | Trojaner "Bundespolizei" in dem andern thread hatte der nutzer 2 verschiedene malware arten. hier sieht es nicht so aus. deswegen mache erst mal wie beschrieben weiter und wir untersuchen das system. für die daten sicherung ist es alle male angenehmer, wenn du den trojaner erst mal entfernst wie beschrieben, dann kommst du wieder in windows rein und kannst daten sichern, und neu machen, wovon ich dich nicht abhalte :-) ich würde dir sogar weitere tipps geben, wie das system abzu sichern ist
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.04.2011, 20:09
| #11 |
| | Trojaner "Bundespolizei" ok alles klar.. dann werd ich das erstmal so machen wie du oben geschrieben hast! |
|
14.04.2011, 17:42
| #12 |
| | Trojaner "Bundespolizei" hey, also ich habe nun alles soweit gemacht, er fragt mich nachdem ich auf den fix button gedrückt hab ob er neu starten soll..wenn ich dann auf ja drücke macht er aber nichts.. was habe ich falsch gemacht? |
|
14.04.2011, 18:08
| #13 |
| | Trojaner "Bundespolizei" hab ihn einfach manuel neu gestartet... komme nach dem neustart ohne cd jedoch nicht auf den desktop sondern es erscheint wieder der bildschirm mit dem BKA... ich versuche das ganze einfach nochmal von vorne.. |
|
14.04.2011, 18:35
| #14 |
| /// Malware-holic | Trojaner "Bundespolizei" starte mal manuell neu und nimm die cd raus, schau was passiert.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.04.2011, 18:51
| #15 |
| | Trojaner "Bundespolizei" wenn ich manuell starte und die cd herausnehme erscheint nicht der desktop sondern wieder der BKA bildschirm.. habe auch schon das script per hand eingegeben und nicht über txt datei.. |
|
| Themen zu Trojaner "Bundespolizei" |
| 100euro, anderer, aufforderung, bundespolizei, erschein, erscheint, euro, folge, folgendes, forum, gestern, leute, otlpe, problem, troja, trojaner |
