Windows Explorer constantly crashes under Win 7 / cleansweep.exe?

Hi, after I was on the internet yesterday and wanted to download something (pretty dumb, I know), IE kept popping up (I browse with FF myself). Clicking it away still worked, but then messages came up saying that pages had to be closed, and this morning one saying that the Windows host files no longer work and have to be closed. Lately Windows Explorer keeps crashing. My AV software is AntiVir, and it flagged a few things yesterday and today. I ran Trojan Remover after HijackThis turned up nothing yesterday... Trojan Remover removed 3 things, and HijackThis now produces the following logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:15, on 24.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\program files\avira\antivir desktop\avscan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Piia - Muckelchen\Downloads\HiJackThis204.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
O4 - HKCU\..\Run: [{32A068F1-BA4F-03E6-B150-A98A13ED97A3}] "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 6451 bytes

I hope for quick help. Thanks in advance.
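Added example (not part of the original post and not HijackThis code): a small Python triage helper that parses the O4 (Run-key autostart) and O23 (service) lines of a HijackThis log like the one above and flags entries that execute from user-writable or unusual locations (a Temp directory, AppData\Roaming, a folder directly under the drive root) or whose Run value name is a bare GUID or looks machine-generated. The embedded sample lines are copied verbatim from the log above; the heuristics, thresholds and the TRUSTED_ROOTS allowlist are my own assumptions, not HijackThis rules, and an entry that is not flagged is not thereby clean.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: O4 and O23 lines copied from the HijackThis log
# posted above. HijackThis 2.0.4 prints one autostart entry per line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
O4 - HKCU\..\Run: [{32A068F1-BA4F-03E6-B150-A98A13ED97A3}] "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"""

# HijackThis line formats for Run-key values and services (Startup-folder O4 lines are skipped).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<cmd>.*)$")

# Assumed allowlist: top-level folders under the drive root where autostart binaries normally live.
TRUSTED_ROOTS = {"program files", "program files (x86)", "windows", "programdata"}


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    where: str                # hive\Run for O4, "Service" for O23
    name: str                 # Run value name or service name
    path: str                 # executable path extracted from the command
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable path from a Run/Service command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces; stop at the first image extension that is
    # followed by whitespace or the end of the string (handles C:\x.exe\x.exe too).
    m = re.match(r"(.*?\.(?:exe|dll|sys|scr|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def path_reasons(path: str) -> list:
    """Location heuristics (my own assumptions, not HijackThis logic)."""
    p = path.lower().replace("/", "\\")
    reasons = []
    if "\\temp\\" in p:
        reasons.append("executes from a Temp directory")
    if "\\appdata\\roaming\\" in p:
        reasons.append("executes from AppData\\Roaming (user-writable, no installer needed)")
    m = re.match(r"^[a-z]:\\([^\\]+)\\[^\\]+$", p)
    if m and m.group(1) not in TRUSTED_ROOTS:
        reasons.append("executes from a folder directly under the drive root")
    return reasons


def name_reasons(name: str) -> list:
    """Run value names that droppers commonly generate: a bare GUID or a random upper-case/digit string."""
    reasons = []
    if re.fullmatch(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", name, re.IGNORECASE):
        reasons.append("value name is a bare GUID")
    if re.fullmatch(r"[A-Z0-9]{8,}", name) and re.search(r"\d", name) and re.search(r"[A-Z]", name):
        reasons.append("value name looks machine-generated")
    return reasons


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return only the entries that triggered at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            f = Finding("O4", m["hive"] + "\\Run", m["name"], extract_path(m["cmd"]))
            f.reasons = name_reasons(f.name) + path_reasons(f.path)
        elif m := O23_RE.match(line):
            f = Finding("O23", "Service", m["name"], extract_path(m["cmd"]))
            f.reasons = path_reasons(f.path)
            if not m["vendor"].strip() or m["vendor"].strip().lower() == "unknown owner":
                f.reasons.append("service has no vendor string")
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.where} [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, it reports exactly the three HKCU entries a helper would ask about first (Cp1.exe in Temp, weizd.exe under AppData\Roaming, and C:\cleansweep.exe\cleansweep.exe) and stays quiet on the Program Files entries; the scoring is deliberately location-based because a dropper can give its file any name and any "Company" string it likes, but it still has to persist from somewhere the unprivileged user could write to.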
What did Avira find? Log files. Trojan Remover: log files. I need the exact messages; "a few things" is not useful information. Where did you download what? Please send me the link as a private message.
Antivir:

Exported events:

24.01.2011 12:19 [Guard] Malware found
The file 'C:\Windows\Crahea.exe' was found to contain a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action taken: Deny access

24.01.2011 12:17 [Scanner] Malware found
The file 'C:\Windows\Crahea.exe' contained a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action(s) performed: An error occurred while trying to create a backup copy of the file, and the file was not deleted. Error number: 26003. The file could not be deleted! Attempting to perform the action with the help of the ARK Library. The file could not be moved to the quarantine directory! The file could not be deleted!

24.01.2011 12:17 [Scanner] Scan
Scan finished [The scan was completed in full.]. Number of files: 63 Number of directories: 0 Number of malware: 2 Number of errors: 1

24.01.2011 12:17 [Scanner] Scan
Scan finished [The scan was aborted!]. Number of files: 261282 Number of directories: 4846 Number of malware: 0 Number of errors: 2

24.01.2011 12:15 [Guard] Malware found
The file 'C:\Windows\Crahea.exe' was found to contain a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action taken: Deny access

24.01.2011 11:36 [Scanner] Malware found
The file 'C:\Windows\Crahea.exe' contained a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action(s) performed: An error occurred while trying to create a backup copy of the file, and the file was not deleted. Error number: 26003. The file could not be deleted! Attempting to perform the action with the help of the ARK Library. The file could not be moved to the quarantine directory! The file could not be deleted!

24.01.2011 11:36 [Scanner] Scan
Scan finished [The scan was completed in full.]. Number of files: 62 Number of directories: 0 Number of malware: 2 Number of errors: 1

24.01.2011 11:34 [Guard] Malware found
The file 'C:\Windows\Crahea.exe' was found to contain a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action taken: Deny access

24.01.2011 11:34 [Guard] Malware found
The file 'C:\Windows\Crahea.exe' was found to contain a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action taken: Deny access

24.01.2011 11:34 [Guard] Malware found
The file 'C:\Windows\Crahea.exe' was found to contain a virus or unwanted program 'TR/Dldr.CodecPack.affe' [trojan]. Action taken: Deny access

24.01.2011 11:20 [Updater] Update completed successfully
Update of Avira AntiVir Personal - Free Antivirus on computer AMILO (192.168.178.32) completed successfully. The following files were updated from hxxp://80.190.143.240/update: vbase031.vdf 7.11.1.223 aevdf.dat 7.11.1.223

24.01.2011 11:20 [Guard] Engine reloaded
The engine was reloaded. Engine Version: 8.02.04.150 VDF Version: 7.11.01.223

24.01.2011 11:18 [Scheduler] Job started
Job "startupd_job_ex" was started successfully.

24.01.2011 11:16 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
24.01.2011 11:16 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
24.01.2011 11:15 [Guard] Service stopped: The service was stopped.
24.01.2011 11:15 [Scheduler] Service stopped: The service was stopped.
24.01.2011 11:09 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
24.01.2011 11:09 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 16:58 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:58 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 16:57 [Guard] Service stopped: The service was stopped.
23.01.2011 16:57 [Scheduler] Service stopped: The service was stopped.
23.01.2011 16:48 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:47 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 16:46 [Guard] Service stopped: The service was stopped.
23.01.2011 16:46 [Scheduler] Service stopped: The service was stopped.
23.01.2011 16:29 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:29 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 16:28 [Guard] Service stopped: The service was stopped.
23.01.2011 16:28 [Scheduler] Service stopped: The service was stopped.
23.01.2011 15:33 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 15:32 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 15:31 [Guard] Service stopped: The service was stopped.
23.01.2011 15:31 [Scheduler] Service stopped: The service was stopped.

23.01.2011 12:23 [Scanner] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' contained a virus or unwanted program 'HEUR/Crypted.E' [heuristic]. Action(s) performed: The file was moved to the quarantine directory under the name '49d8b11b.qua'!

23.01.2011 12:23 [Scanner] Scan
Scan finished [The scan was completed in full.]. Number of files: 64 Number of directories: 0 Number of malware: 0 Number of errors: 0

23.01.2011 12:22 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' was found to contain a virus or unwanted program 'HIDDENEXT/Crypted' [heuristic]. Action taken: Deny access

23.01.2011 12:22 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' was found to contain a virus or unwanted program 'HIDDENEXT/Crypted' [heuristic]. Action taken: Deny access

23.01.2011 12:22 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRRV63N4\hauptbild3[1].jpg' was found to contain a virus or unwanted program 'HIDDENEXT/Crypted' [heuristic]. Action taken: Allow access

23.01.2011 12:22 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' was found to contain a virus or unwanted program 'HIDDENEXT/Crypted' [heuristic]. Action taken: Allow access

23.01.2011 11:57 [Guard] Service started: The service was started. Service Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 11:57 [Scheduler] Service started: The service was started. Service Version 10.0.0.19
23.01.2011 11:56 [Guard] Service stopped: The service was stopped.
23.01.2011 11:55 [Scheduler] Service stopped: The service was stopped.

23.01.2011 11:38 [Scanner] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]. Action(s) performed: The file was moved to the quarantine directory under the name '499da4b8.qua'!

23.01.2011 11:38 [Scanner] Scan
Scan finished [The scan was completed in full.]. Number of files: 63 Number of directories: 0 Number of malware: 1 Number of errors: 0

23.01.2011 11:36 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' was found to contain a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]. Action taken: Deny access

23.01.2011 11:36 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' was found to contain a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]. Action taken: Deny access

23.01.2011 11:36 [Guard] Malware found
The file 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' was found to contain a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]. Action taken: Allow access

Trojan Remover:

***** THE SYSTEM HAS BEEN RESTARTED *****
24.01.2011 11:16:58: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Device Detector] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[GoogleUpdate] - already deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\[VIDC.ACDV] - already deleted
=======================================================
24.01.2011 11:16:58: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595.
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 11:13:20 24 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
11:13:20: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:13:22: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe 2614272 bytes Created: 20.12.2010 09:43 Modified: 31.10.2009 06:45 Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe 26112 bytes Created: 14.07.2009 00:34 Modified: 14.07.2009 02:14 Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe 225280 bytes Created: 30.07.2009 04:33 Modified: 30.07.2009 04:33 Company: Alps Electric Co., Ltd.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe 35736 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 932288 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 281768 bytes Created: 20.12.2010 20:19 Modified: 13.12.2010 08:39 Company: Avira GmbH
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe 246504 bytes Created: 11.01.2010 15:21 Modified: 11.01.2010 15:21 Company: Sun Microsystems, Inc.
--------------------
Value Name: AdobeAAMUpdater-1.0
Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated
--------------------
Value Name: SwitchBoard
Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated
--------------------
Value Name: AdobeCS5ServiceManager
Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe 402432 bytes Created: 22.02.2010 04:57 Modified: 22.07.2010 22:10 Company: Adobe Systems Incorporated
--------------------
Value Name: BCSSync
Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Microsoft Office\Office14\BCSSync.exe 91520 bytes Created: 13.03.2010 14:54 Modified: 13.03.2010 14:54 Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: AnyDVD
Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe 3124160 bytes Created: 11.11.2009 12:29 Modified: 11.11.2009 12:29 Company: SlySoft, Inc.
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe 393216 bytes Created: 05.01.2011 10:41 Modified: 02.07.2008 16:16 Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: GoogleUpdate
Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe
C:\Users\Piia - Muckelchen\Downloads\setup.exe - this registry value has been removed [file not found to scan]
--------------------
Value Name: JP595IR86O
Value Data: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
--------------------
Value Name: {32A068F1-BA4F-03E6-B150-A98A13ED97A3}
Value Data: "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe 144896 bytes Created: 19.12.2010 19:08 Modified: 19.12.2010 19:08 Company:
--------------------
Value Name: cleansweep.exe
Value Data: C:\cleansweep.exe\cleansweep.exe
C:\cleansweep.exe\cleansweep.exe 220672 bytes Created: 20.12.2010 09:39 Modified: 24.03.2010 07:37 Company: largez
--------------------
Value Name: mute.exe
Value Data: C:\mute\mute.exe
C:\mute\mute.exe 168960 bytes Created: 20.12.2010 09:39 Modified: 24.03.2010 07:37 Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
11:13:38: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
************************************************************
11:13:38: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
11:13:38: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
11:13:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
11:13:39: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: StorSvc
Path: %SystemRoot%\system32\storsvc.dll
C:\Windows\system32\storsvc.dll 16384 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:16 Company: Microsoft Corporation
--------------------
************************************************************
11:13:47: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeActiveFileMonitor7.0
ImagePath: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 169312 bytes Created: 16.09.2008 12:03 Modified: 16.09.2008 12:03 Company: Adobe Systems Incorporated
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 13.07.2009 23:09 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices
----------
Key: AnyDVD
ImagePath: System32\Drivers\AnyDVD.sys
C:\Windows\System32\Drivers\AnyDVD.sys 104512 bytes Created: 11.11.2009 12:22 Modified: 11.11.2009 12:22 Company: SlySoft, Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\Windows\system32\DRIVERS\atapi.sys 21584 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:26 Company: Microsoft Corporation
----------
Key: athur
ImagePath: system32\DRIVERS\athur.sys
C:\Windows\system32\DRIVERS\athur.sys 1500160 bytes Created: 05.01.2011 09:47 Modified: 05.01.2010 19:20 Company: Atheros Communications, Inc.
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 867080 bytes Created: 20.12.2010 17:48 Modified: 20.12.2010 17:48 Company: Acresso Software Inc.
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\Windows\system32\DRIVERS\ewusbmdm.sys 101760 bytes Created: 19.12.2010 18:34 Modified: 24.07.2008 12:03 Company: Huawei Technologies Co., Ltd.
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\DRIVERS\iaStorV.sys
C:\Windows\system32\DRIVERS\iaStorV.sys 332352 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:20 Company: Intel Corporation
----------
Key: ISODrive
ImagePath: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
C:\Program Files\UltraISO\drivers\ISODrive.sys 82320 bytes Created: 25.12.2010 13:22 Modified: 29.01.2010 11:40 Company: EZB Systems, Inc.
----------
Key: KMWDFILTERx86
ImagePath: system32\DRIVERS\KMWDFILTER.sys
C:\Windows\system32\DRIVERS\KMWDFILTER.sys 25088 bytes Created: 29.04.2009 15:37 Modified: 29.04.2009 15:37 Company: Windows (R) Codename Longhorn DDK provider
----------
Key: Microsoft SharePoint Workspace Audit Service
ImagePath: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE 30969208 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
Key: msahci
ImagePath: system32\DRIVERS\msahci.sys
C:\Windows\system32\DRIVERS\msahci.sys 27712 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:20 Company: Microsoft Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys 347264 bytes Created: 10.06.2009 22:18 Modified: 13.07.2009 23:02 Company: NVIDIA Corporation
----------
Key: osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4640000 bytes Created: 09.01.2010 21:37 Modified: 09.01.2010 21:37 Company: Microsoft Corporation
----------
Key: s0017bus
ImagePath: system32\DRIVERS\s0017bus.sys
C:\Windows\system32\DRIVERS\s0017bus.sys 90536 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mdfl
ImagePath: system32\DRIVERS\s0017mdfl.sys
C:\Windows\system32\DRIVERS\s0017mdfl.sys 15016 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mdm
ImagePath: system32\DRIVERS\s0017mdm.sys
C:\Windows\system32\DRIVERS\s0017mdm.sys 122152 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mgmt
ImagePath: system32\DRIVERS\s0017mgmt.sys
C:\Windows\system32\DRIVERS\s0017mgmt.sys 115496 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017nd5
ImagePath: system32\DRIVERS\s0017nd5.sys
C:\Windows\system32\DRIVERS\s0017nd5.sys 25768 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017obex
ImagePath: system32\DRIVERS\s0017obex.sys
C:\Windows\system32\DRIVERS\s0017obex.sys 111912 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017unic
ImagePath: system32\DRIVERS\s0017unic.sys
C:\Windows\system32\DRIVERS\s0017unic.sys 117672 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys 17920 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys 83456 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation
----------
Key: SIS163u
ImagePath: system32\DRIVERS\sis163u.sys
C:\Windows\system32\DRIVERS\sis163u.sys 218624 bytes Created: 07.05.2007 00:00 Modified: 07.05.2007 00:00 Company: Silicon Integrated Systems Corp.
----------
Key: SrvHsfHDA
ImagePath: system32\DRIVERS\VSTAZL3.SYS
C:\Windows\system32\DRIVERS\VSTAZL3.SYS 207360 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc.
----------
Key: SrvHsfWinac
ImagePath: system32\DRIVERS\VSTCNXT3.SYS
C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 661504 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc.
----------
Key: Stereo Service
ImagePath: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 369256 bytes Created: 16.10.2010 11:46 Modified: 16.10.2010 11:46 Company: NVIDIA Corporation
----------
Key: SwitchBoard
ImagePath: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated
----------
Key: TeamViewer6
ImagePath: C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 2222376 bytes Created: 19.12.2010 19:28 Modified: 30.11.2010 18:08 Company: TeamViewer GmbH
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys 48128 bytes Created: 14.07.2009 00:52 Modified: 14.07.2009 00:52 Company: Microsoft Corporation
----------
Key: Wd
ImagePath: system32\DRIVERS\wd.sys
C:\Windows\system32\DRIVERS\wd.sys 19024 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:19 Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys 34944 bytes Created: 14.07.2009 00:51 Modified: 14.07.2009 00:51 Company: Microsoft Corporation
----------
************************************************************
11:14:12: Scanning -----VXD ENTRIES-----
************************************************************
11:14:12: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
11:14:12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
************************************************************
11:14:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 397824 bytes Created: 15.12.2009 18:05 Modified: 15.12.2009 18:05 Company: OpenOffice.org
----------
************************************************************
11:14:15: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL 561552 bytes Created: 28.02.2010 02:20 Modified: 28.02.2010 02:20 Company: Microsoft Corporation
----------
************************************************************
11:14:16: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
11:14:16: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
11:14:16: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
11:14:16: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
11:14:17: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
11:14:17: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 05:41 Modified: 14.07.2009 05:41 Company: [no info]
--------------------
************************************************************
11:14:18: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Piia - Muckelchen
[C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 19.12.2010 18:30 Modified: 21.12.2010 07:15 Company: [no info]
----------
OpenOffice.org 3.2.lnk - links to C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE 384000 bytes Created: 15.12.2009 11:30 Modified: 15.12.2009 11:30 Company: [no info]
----------
--------------------
************************************************************
11:14:19: Scanning ----- SCHEDULED TASKS -----
Taskname: {22116563-108C-42c0-A7CE-60161B75E508}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 24.01.2011 11:46:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}
File: C:\Windows\Crahea.exe
C:\Windows\Crahea.exe 201728 bytes Created:
23.01.2011 11:37 Modified: 23.01.2011 11:36 Company: Adobe Flash Player Schedule: Multiple schedule times Next Run Time: 24.01.2011 11:43:00 Status: Running Creator: Piia - Muckelchen Comments: ---------- Taskname: {A5E2AE77-D229-48E5-B625-BF24A3DCE643} File: C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Phone\Skype.exe -R- 14944136 bytes Created: 03.12.2010 16:46 Modified: 03.12.2010 16:46 Company: Skype Technologies S.A. Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetupLight Comments: ---------- Taskname: {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe 195584 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player Schedule: Multiple schedule times Next Run Time: 24.01.2011 11:52:00 Status: Ready Creator: Piia - Muckelchen Comments: ---------- Taskname: AdobeAAMUpdater-1.0-Amilo-Piia - Muckelchen File: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated Parameters: -mode=scheduled Schedule: At 02:00:00 every day Next Run Time: 25.01.2011 02:00:00 Status: Ready Creator: Author Name Comments: ---------- ************************************************************ 11:14:23: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub) CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 2 (GFS Stub) CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 2.5 
(GFS Unread Folder) CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 3 (GFS Folder) CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark) CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll 442880 bytes Created: 14.07.2009 00:41 Modified: 14.07.2009 02:16 Company: Microsoft Corporation ---------- ************************************************************ 11:14:25: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: VIDC.ACDV File: ACDV.dll ACDV.dll - this registry value has been removed [file not found to scan] ---------- ************************************************************ 11:14:35: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 1720427 bytes Created: 19.12.2010 18:30 Modified: 03.01.2011 11:25 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 11:14:37: Scanning ----- RUNNING PROCESSES ----- 
C:\Windows\system32\taskeng.exe 192000 bytes Created: 20.12.2010 10:00 Modified: 02.11.2010 05:34 Company: Microsoft Corporation -------------------- C:\Windows\system32\Dwm.exe 92672 bytes Created: 14.07.2009 00:24 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\Crahea.exe - file already scanned -------------------- C:\Program Files\Apoint2K\Apoint.exe - file already scanned -------------------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned -------------------- C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned -------------------- C:\Program Files\Apoint2K\ApMsgFwd.exe 42280 bytes Created: 16.07.2009 00:42 Modified: 16.07.2009 00:42 Company: Alps Electric Co., Ltd. -------------------- C:\Program Files\Apoint2K\Apntex.exe 49152 bytes Created: 31.01.2009 09:15 Modified: 31.01.2009 09:15 Company: Alps Electric Co., Ltd. -------------------- C:\Program Files\OpenOffice.org 3\program\soffice.bin 7418368 bytes Created: 02.02.2010 00:15 Modified: 02.02.2010 00:15 Company: OpenOffice.org -------------------- C:\Windows\system32\taskmgr.exe 227328 bytes Created: 14.07.2009 00:20 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\wuauclt.exe 47104 bytes Created: 14.07.2009 01:14 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3687344 [This is a Trojan Remover component] -------------------- C:\Windows\system32\SearchFilterHost.exe 86528 bytes Created: 14.07.2009 01:13 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\SearchProtocolHost.exe 164352 bytes Created: 14.07.2009 01:14 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\explorer.exe - file already scanned -------------------- C:\Windows\system32\WerFault.exe 360448 bytes Created: 14.07.2009 00:27 
Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- ************************************************************ 11:14:41: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 11:14:42 24 Jan 2011 Total Scan time: 00:01:21 ------------------------------------------------------------------------- Trojan Remover needs to restart the system to complete operations 24.01.2011 11:14:47: restart commenced ************************************************************ ====================================== [INCOMPLETE SCAN LOG RECOVERED] ====================================== ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.2.2595. 
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 11:11:53 24 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
11:11:54: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:11:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe 2614272 bytes Created: 20.12.2010 09:43 Modified: 31.10.2009 06:45 Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe 26112 bytes Created: 14.07.2009 00:34 Modified: 14.07.2009 02:14 Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe 225280 bytes Created: 30.07.2009 04:33 Modified: 30.07.2009 04:33 Company: Alps Electric Co., Ltd.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe 35736 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 932288 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 281768 bytes Created: 20.12.2010 20:19 Modified: 13.12.2010 08:39 Company: Avira GmbH
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe 246504 bytes Created: 11.01.2010 15:21 Modified: 11.01.2010 15:21 Company: Sun Microsystems, Inc.
--------------------
Value Name: AdobeAAMUpdater-1.0
Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated
--------------------
Value Name: SwitchBoard
Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated
--------------------
Value Name: AdobeCS5ServiceManager
Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe 402432 bytes Created: 22.02.2010 04:57 Modified: 22.07.2010 22:10 Company: Adobe Systems Incorporated
--------------------
Value Name: BCSSync
Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Microsoft Office\Office14\BCSSync.exe 91520 bytes Created: 13.03.2010 14:54 Modified: 13.03.2010 14:54 Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Device Detector
Value Data: DevDetect.exe -autorun
DevDetect.exe -autorun - this registry value has been removed [file not found to scan]
--------------------
Value Name: AnyDVD
Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe 3124160 bytes Created: 11.11.2009 12:29 Modified: 11.11.2009 12:29 Company: SlySoft, Inc.
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe 393216 bytes Created: 05.01.2011 10:41 Modified: 02.07.2008 16:16 Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: GoogleUpdate
Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe
ERROR: EStackOverflow calling [Unhandled] in procedure ScanForm.CommandOK: Stack overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
======================================
[INCOMPLETE SCAN LOG RECOVERED]
======================================
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.2.2595.
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:42:09 23 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\ (including subdirectories)
Archive files will be EXCLUDED.
------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595.
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:40:35 23 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
16:40:35: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
16:40:36: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe 2614272 bytes Created: 20.12.2010 09:43 Modified: 31.10.2009 06:45 Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe 26112 bytes Created: 14.07.2009 00:34 Modified: 14.07.2009 02:14 Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe 225280 bytes Created: 30.07.2009 04:33 Modified: 30.07.2009 04:33 Company: Alps Electric Co., Ltd.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe 35736 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 932288 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 281768 bytes Created: 20.12.2010 20:19 Modified: 13.12.2010 08:39 Company: Avira GmbH
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe 246504 bytes Created: 11.01.2010 15:21 Modified: 11.01.2010 15:21 Company: Sun Microsystems, Inc.
--------------------
Value Name: AdobeAAMUpdater-1.0
Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated
--------------------
Value Name: SwitchBoard
Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated
--------------------
Value Name: AdobeCS5ServiceManager
Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe 402432 bytes Created: 22.02.2010 04:57 Modified: 22.07.2010 22:10 Company: Adobe Systems Incorporated
--------------------
Value Name: BCSSync
Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Microsoft Office\Office14\BCSSync.exe 91520 bytes Created: 13.03.2010 14:54 Modified: 13.03.2010 14:54 Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe 1167296 bytes Created: 23.01.2011 16:24 Modified: 05.07.2010 12:49 Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Device Detector
Value Data: DevDetect.exe -autorun
DevDetect.exe - [file not found to scan]
--------------------
Value Name: AnyDVD
Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe 3124160 bytes Created: 11.11.2009 12:29 Modified: 11.11.2009 12:29 Company: SlySoft, Inc.
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe 393216 bytes Created: 05.01.2011 10:41 Modified: 02.07.2008 16:16 Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: GoogleUpdate
Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe
C:\Users\Piia - Muckelchen\Downloads\setup.exe - [file not found to scan]
--------------------
Value Name: JP595IR86O
Value Data: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
--------------------
Value Name: {32A068F1-BA4F-03E6-B150-A98A13ED97A3}
Value Data: "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe 144896 bytes Created: 19.12.2010 19:08 Modified: 19.12.2010 19:08 Company:
--------------------
Value Name: cleansweep.exe
Value Data: C:\cleansweep.exe\cleansweep.exe
C:\cleansweep.exe\cleansweep.exe 220672 bytes Created: 20.12.2010 09:39 Modified: 24.03.2010 07:37 Company: largez
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
16:40:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
************************************************************
16:40:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
16:40:44: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
16:40:44: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
16:40:44: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: StorSvc
Path: %SystemRoot%\system32\storsvc.dll
C:\Windows\system32\storsvc.dll 16384 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:16 Company: Microsoft Corporation
--------------------
************************************************************
16:40:46: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeActiveFileMonitor7.0
ImagePath: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 169312 bytes Created: 16.09.2008 12:03 Modified: 16.09.2008 12:03 Company: Adobe Systems Incorporated
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 13.07.2009 23:09 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices
----------
Key: AnyDVD
ImagePath: System32\Drivers\AnyDVD.sys
C:\Windows\System32\Drivers\AnyDVD.sys 104512 bytes Created: 11.11.2009 12:22 Modified: 11.11.2009 12:22 Company: SlySoft, Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\Windows\system32\DRIVERS\atapi.sys 21584 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:26 Company: Microsoft Corporation
----------
Key: athur
ImagePath: system32\DRIVERS\athur.sys
C:\Windows\system32\DRIVERS\athur.sys 1500160 bytes Created: 05.01.2011 09:47 Modified: 05.01.2010 19:20 Company: Atheros Communications, Inc.
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 867080 bytes Created: 20.12.2010 17:48 Modified: 20.12.2010 17:48 Company: Acresso Software Inc.
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\Windows\system32\DRIVERS\ewusbmdm.sys 101760 bytes Created: 19.12.2010 18:34 Modified: 24.07.2008 12:03 Company: Huawei Technologies Co., Ltd.
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\DRIVERS\iaStorV.sys
C:\Windows\system32\DRIVERS\iaStorV.sys 332352 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:20 Company: Intel Corporation
----------
Key: ISODrive
ImagePath: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
C:\Program Files\UltraISO\drivers\ISODrive.sys 82320 bytes Created: 25.12.2010 13:22 Modified: 29.01.2010 11:40 Company: EZB Systems, Inc.
----------
Key: KMWDFILTERx86
ImagePath: system32\DRIVERS\KMWDFILTER.sys
C:\Windows\system32\DRIVERS\KMWDFILTER.sys 25088 bytes Created: 29.04.2009 15:37 Modified: 29.04.2009 15:37 Company: Windows (R) Codename Longhorn DDK provider
----------
Key: Microsoft SharePoint Workspace Audit Service
ImagePath: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE 30969208 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
Key: msahci
ImagePath: system32\DRIVERS\msahci.sys
C:\Windows\system32\DRIVERS\msahci.sys 27712 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:20 Company: Microsoft Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys 347264 bytes Created: 10.06.2009 22:18 Modified: 13.07.2009 23:02 Company: NVIDIA Corporation
----------
Key: osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4640000 bytes Created: 09.01.2010 21:37 Modified: 09.01.2010 21:37 Company: Microsoft Corporation
----------
Key: s0017bus
ImagePath: system32\DRIVERS\s0017bus.sys
C:\Windows\system32\DRIVERS\s0017bus.sys 90536 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mdfl
ImagePath: system32\DRIVERS\s0017mdfl.sys
C:\Windows\system32\DRIVERS\s0017mdfl.sys 15016 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mdm
ImagePath: system32\DRIVERS\s0017mdm.sys
C:\Windows\system32\DRIVERS\s0017mdm.sys 122152 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017mgmt
ImagePath: system32\DRIVERS\s0017mgmt.sys
C:\Windows\system32\DRIVERS\s0017mgmt.sys 115496 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017nd5
ImagePath: system32\DRIVERS\s0017nd5.sys
C:\Windows\system32\DRIVERS\s0017nd5.sys 25768 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017obex
ImagePath: system32\DRIVERS\s0017obex.sys
C:\Windows\system32\DRIVERS\s0017obex.sys 111912 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: s0017unic
ImagePath: system32\DRIVERS\s0017unic.sys
C:\Windows\system32\DRIVERS\s0017unic.sys 117672 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys 17920 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys 83456 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation
----------
Key: SIS163u
ImagePath: system32\DRIVERS\sis163u.sys
C:\Windows\system32\DRIVERS\sis163u.sys 218624 bytes Created: 07.05.2007 00:00 Modified: 07.05.2007 00:00 Company: Silicon Integrated Systems Corp.
----------
Key: SrvHsfHDA
ImagePath: system32\DRIVERS\VSTAZL3.SYS
C:\Windows\system32\DRIVERS\VSTAZL3.SYS 207360 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc.
----------
Key: SrvHsfWinac
ImagePath: system32\DRIVERS\VSTCNXT3.SYS
C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 661504 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc.
----------
Key: Stereo Service
ImagePath: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 369256 bytes Created: 16.10.2010 11:46 Modified: 16.10.2010 11:46 Company: NVIDIA Corporation
----------
Key: SwitchBoard
ImagePath: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated
----------
Key: TeamViewer6
ImagePath: C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 2222376 bytes Created: 19.12.2010 19:28 Modified: 30.11.2010 18:08 Company: TeamViewer GmbH
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys 48128 bytes Created: 14.07.2009 00:52 Modified: 14.07.2009 00:52 Company: Microsoft Corporation
----------
Key: Wd
ImagePath: system32\DRIVERS\wd.sys
C:\Windows\system32\DRIVERS\wd.sys 19024 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:19 Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys 34944 bytes Created: 14.07.2009 00:51 Modified: 14.07.2009 00:51 Company: Microsoft Corporation
----------
************************************************************
16:41:11: Scanning -----VXD ENTRIES-----
************************************************************
16:41:11: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
16:41:11: Scanning ----- CONTEXTMENUHANDLERS -----
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation
----------
************************************************************
16:41:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 397824 bytes Created: 15.12.2009 18:05 Modified: 15.12.2009 18:05 Company: OpenOffice.org
----------
************************************************************
16:41:12: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL 561552 bytes Created: 28.02.2010 02:20 Modified: 28.02.2010 02:20 Company: Microsoft Corporation
----------
************************************************************
16:41:12: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
16:41:13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
16:41:13: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
16:41:13: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
16:41:14: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
16:41:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 05:41 Modified: 14.07.2009 05:41 Company: [no info]
--------------------
************************************************************
16:41:15: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Piia - Muckelchen
[C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 19.12.2010 18:30 Modified: 21.12.2010 07:15 Company: [no info]
----------
OpenOffice.org 3.2.lnk - links to C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE 384000 bytes Created: 15.12.2009 11:30 Modified: 15.12.2009 11:30 Company: [no info]
----------
--------------------
************************************************************
16:41:16: Scanning ----- SCHEDULED TASKS -----
Taskname: {22116563-108C-42c0-A7CE-60161B75E508}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 16:52:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}
File: C:\Windows\Crahea.exe
C:\Windows\Crahea.exe 201728 bytes Created: 23.01.2011 11:37 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 17:36:00
Status: Running
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {A5E2AE77-D229-48E5-B625-BF24A3DCE643}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe -R- 14944136 bytes Created: 03.12.2010 16:46 Modified: 03.12.2010 16:46 Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetupLight
Comments:
----------
Taskname: {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe 195584 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 17:02:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: AdobeAAMUpdater-1.0-Amilo-Piia - Muckelchen
File: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated
Parameters: -mode=scheduled
Schedule: At 02:00:00 every day
Next Run Time: 24.01.2011 02:00:00
Status: Ready
Creator: Author Name
Comments:
----------
************************************************************
16:41:20: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub) CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2 (GFS Stub) CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2.5
(GFS Unread Folder) CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 3 (GFS Folder) CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark) CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll 442880 bytes Created: 14.07.2009 00:41 Modified: 14.07.2009 02:16 Company: Microsoft Corporation ---------- ************************************************************ 16:41:22: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: VIDC.ACDV File: ACDV.dll ACDV.dll - [file not found to scan] ---------- ************************************************************ 16:41:22: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 1720427 bytes Created: 19.12.2010 18:30 Modified: 03.01.2011 11:25 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 16:41:25: Scanning ----- RUNNING PROCESSES ----- C:\Windows\system32\Dwm.exe 92672 bytes Created: 
14.07.2009 00:24 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\Explorer.EXE - file already scanned -------------------- C:\Windows\system32\taskeng.exe 192000 bytes Created: 20.12.2010 10:00 Modified: 02.11.2010 05:34 Company: Microsoft Corporation -------------------- C:\Windows\system32\taskhost.exe 49152 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\Crahea.exe - file already scanned -------------------- C:\Program Files\Apoint2K\Apoint.exe - file already scanned -------------------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned -------------------- C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned -------------------- C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe 604496 bytes Created: 06.04.2010 15:26 Modified: 06.04.2010 15:26 Company: ACD Systems International Inc. -------------------- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe - file already scanned -------------------- C:\Program Files\OpenOffice.org 3\program\soffice.exe 7424000 bytes Created: 02.02.2010 00:15 Modified: 02.02.2010 00:15 Company: OpenOffice.org -------------------- C:\Program Files\OpenOffice.org 3\program\soffice.bin 7418368 bytes Created: 02.02.2010 00:15 Modified: 02.02.2010 00:15 Company: OpenOffice.org -------------------- C:\Program Files\Apoint2K\ApMsgFwd.exe 42280 bytes Created: 16.07.2009 00:42 Modified: 16.07.2009 00:42 Company: Alps Electric Co., Ltd. -------------------- C:\Program Files\Apoint2K\Apntex.exe 49152 bytes Created: 31.01.2009 09:15 Modified: 31.01.2009 09:15 Company: Alps Electric Co., Ltd. 
-------------------- C:\Windows\system32\conhost.exe 271360 bytes Created: 14.07.2009 00:25 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\wuauclt.exe 47104 bytes Created: 14.07.2009 01:14 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe - file already scanned -------------------- C:\Program Files\Common Files\Java\Java Update\jucheck.exe 490216 bytes Created: 11.01.2010 15:21 Modified: 11.01.2010 15:21 Company: Sun Microsystems, Inc. -------------------- C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe - file already scanned -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3687344 [This is a Trojan Remover component] -------------------- C:\Windows\system32\SearchFilterHost.exe 86528 bytes Created: 14.07.2009 01:13 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- ************************************************************ 16:41:31: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search 
Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 16:41:32 23 Jan 2011
Total Scan time: 00:00:56
************************************************************
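The three scheduled tasks in the log above share the pattern a helper looks for first: GUID-only task names, targets sitting in the user's Temp folder or directly in C:\Windows, all created on 23.01.2011 a few hours before the scan, and a Company string (Adobe Flash Player) that does not match anywhere Flash would actually be installed. The following is an added example of mine, not part of this thread and not a Trojan Remover feature: it parses a SCHEDULED TASKS section in the flattened form in which such logs get pasted into forum posts and scores every entry on those indicators. The sample input is assembled from the five entries quoted above, the scan time comes from the log's own timestamps, and the indicator list and the threshold of two are my choices.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the five SCHEDULED TASKS entries from the Trojan
# Remover log above, joined onto one line the way the forum quotes them.
SAMPLE_LOG = (
    r"16:41:16: Scanning ----- SCHEDULED TASKS ----- "
    r"Taskname: {22116563-108C-42c0-A7CE-60161B75E508} File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe "
    r"C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 "
    r"Company: Adobe Flash Player Schedule: Multiple schedule times Next Run Time: 23.01.2011 16:52:00 "
    r"Status: Ready Creator: Piia - Muckelchen Comments: ---------- "
    r"Taskname: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A} File: C:\Windows\Crahea.exe C:\Windows\Crahea.exe 201728 bytes "
    r"Created: 23.01.2011 11:37 Modified: 23.01.2011 11:36 Company: Adobe Flash Player Schedule: Multiple schedule times "
    r"Next Run Time: 23.01.2011 17:36:00 Status: Running Creator: Piia - Muckelchen Comments: ---------- "
    r"Taskname: {A5E2AE77-D229-48E5-B625-BF24A3DCE643} File: C:\Program Files\Skype\Phone\Skype.exe "
    r"C:\Program Files\Skype\Phone\Skype.exe -R- 14944136 bytes Created: 03.12.2010 16:46 Modified: 03.12.2010 16:46 "
    r"Company: Skype Technologies S.A. Schedule: At task creation/modification Next Run Time: Status: Ready "
    r"Creator: SkypeSetupLight Comments: ---------- "
    r"Taskname: {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe "
    r"C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe 195584 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 "
    r"Company: Adobe Flash Player Schedule: Multiple schedule times Next Run Time: 23.01.2011 17:02:00 "
    r"Status: Ready Creator: Piia - Muckelchen Comments: ---------- "
    r"Taskname: AdobeAAMUpdater-1.0-Amilo-Piia - Muckelchen "
    r"File: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe "
    r"C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes "
    r"Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated "
    r"Parameters: -mode=scheduled Schedule: At 02:00:00 every day Next Run Time: 24.01.2011 02:00:00 "
    r"Status: Ready Creator: Author Name Comments: ---------- "
)

# Scan start as printed in the log ("16:41:16" on 23 Jan 2011).
SCAN_TIME = datetime(2011, 1, 23, 16, 41)

# One task entry: Trojan Remover prints the path twice (once after "File:",
# once before the size), so a backreference pins down paths containing spaces.
TASK_RE = re.compile(
    r"Taskname:\s*(?P<name>.+?)\s+File:\s*(?P<file>.+?)\s+(?P=file)\s+(?:-\S+-\s+)?(?P<size>\d+) bytes\s+"
    r"Created:\s*(?P<created>\d\d\.\d\d\.\d{4} \d\d:\d\d)\s+Modified:\s*\S+\s+\S+\s+"
    r"Company:\s*(?P<company>.+?)\s+(?:Parameters:.*?\s+)?Schedule:.*?"
    r"Creator:\s*(?P<creator>.+?)\s+Comments:",
    re.S,
)

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Locations a regular user can write to; an autostart pointing here is unusual.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\", "\\downloads\\", "\\appdata\\roaming\\")


def parse_tasks(text):
    """Return one dict per task entry found in a pasted SCHEDULED TASKS section."""
    tasks = []
    for m in TASK_RE.finditer(text):
        t = m.groupdict()
        t["size"] = int(t["size"])
        t["created"] = datetime.strptime(t["created"], "%d.%m.%Y %H:%M")
        tasks.append(t)
    return tasks


def indicators(task, scan_time, recent=timedelta(days=2)):
    """List the (individually weak) indicators that fire for one entry."""
    reasons = []
    path = task["file"].lower()
    folder = path.rpartition("\\")[0]
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("target lives in a user-writable temp/profile directory")
    if folder in ("c:\\windows", "c:"):
        reasons.append("executable placed directly in the Windows or drive root")
    vendor = task["company"].split()[0].lower() if task["company"].strip() else ""
    if vendor and not vendor.startswith("[") and vendor not in path:
        reasons.append("vendor string '%s' does not match the install location" % task["company"])
    if timedelta(0) <= scan_time - task["created"] <= recent:
        reasons.append("target created shortly before the scan")
    if GUID_RE.match(task["name"]):
        reasons.append("GUID-only task name (installers do this too, so only a weak signal)")
    return reasons


def triage(text, scan_time, threshold=2):
    """Map task name -> reasons for every entry tripping at least `threshold` indicators."""
    flagged = {}
    for task in parse_tasks(text):
        reasons = indicators(task, scan_time)
        if len(reasons) >= threshold:
            flagged[task["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG, SCAN_TIME).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Each indicator on its own is weak: Skype's installer also registers a GUID-named task, and Microsoft's own binaries under System32 fail the vendor-in-path check. That is why the decision rides on the count, and why the Skype and AdobeAAMUpdater entries come out clean while the three Cp1/Cp2/Crahea tasks trip four indicators each.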
System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (Windows 7 and Vista users: right-click and choose Run as administrator).

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select: "Use SafeList", "LOP Check", "Purity Check".
4. Copy the following into the text box:

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
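The /md5start ... /md5stop block in step 4 makes OTL hash a fixed list of files that rootkits and banking trojans patch in place (the logon path: winlogon.exe and userinit.exe; the shell: explorer.exe and user32.dll; and the boot-time storage drivers such as atapi.sys, iaStor.sys and nvstor.sys) and compare them against its built-in list of known-good hashes. The following is an added example of mine, not OTL's code and not from this thread, showing the same check with a baseline you capture yourself from a trusted image. The file names are taken from the list above; the temporary directory, the dummy file contents and the tampering scenario are constructed for the demonstration, and SHA-256 is used in place of OTL's MD5.

```python
import hashlib
import json
import os
import tempfile

# File names taken from the /md5start list in the post above: classic
# in-place patch targets (logon path, shell, storage drivers loaded at boot).
CRITICAL_FILES = [
    "userinit.exe", "winlogon.exe", "explorer.exe", "user32.DLL",
    "eventlog.dll", "scecli.dll", "netlogon.dll",
    "atapi.sys", "iaStor.sys", "nvstor.sys",
]


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 (OTL uses MD5; SHA-256 rules out collision tricks)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, names=CRITICAL_FILES):
    """Map file name -> digest for every listed file that exists under root."""
    out = {}
    for name in names:
        p = os.path.join(root, name)
        if os.path.isfile(p):
            out[name] = sha256_of(p)
    return out


def compare(baseline, current):
    """Diff two snapshots: digests that changed, files gone, files not in the baseline."""
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Constructed scenario in a temp dir: capture a baseline, tamper, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name in CRITICAL_FILES:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"clean " + name.encode())
        baseline_path = os.path.join(root, "baseline.json")
        with open(baseline_path, "w") as f:
            json.dump(snapshot(root), f)   # what you would keep from a trusted image
        # Patch a boot driver in place with the same length: a size-only check
        # (the "bytes" column in the log above) would not notice this.
        with open(os.path.join(root, "atapi.sys"), "r+b") as f:
            f.write(b"CLEAN")
        os.remove(os.path.join(root, "scecli.dll"))
        with open(baseline_path) as f:
            return compare(json.load(f), snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The caveat to keep in mind: this detects drift from your baseline, not cleanliness in the abstract. If the baseline was captured after the infection, a patched driver looks "unchanged", which is exactly why OTL ships its own reference list and why the helper asks for the log before the fix.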
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 24.01.2011 15:46:11 - Run 1
1. Right-click the Avira umbrella and deactivate the Guard.

2.
• Please start OTL.exe.
• Now copy the following into the text box:

Code:
:OTL
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe (Adobe Flash Player)
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
PRC - C:\Windows\Crahea.exe (Adobe Flash Player)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
[2011.01.23 11:37:04 | 000,201,728 | ---- | C] (Adobe Flash Player) -- C:\Windows\Crahea.exe
[2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
:Files
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye
C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin
C:\cleansweep.exe\
C:\mute
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Then click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Right-click the Avira umbrella and deactivate the Guard. Open Computer, then C:, then _OTL; there, right-click "moved files" and choose add to moved files.rar or zip. Upload the archive to our upload channel: http://www.trojaner-board.de/54791-a...ner-board.html

Re-enable Avira.
All processes killed
========== OTL ==========
No active process named Cp2.exe was found!
Process Cp1.exe killed successfully!
No active process named Crahea.exe was found!
Registry value HKEY_USERS\S-1-5-21-2881098273-3420571134-2651252604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe moved successfully.
C:\Windows\Crahea.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
========== FILES ==========
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe moved successfully.
File\Folder C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe not found.
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye folder moved successfully.
C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin folder moved successfully.
C:\cleansweep.exe folder moved successfully.
C:\mute folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Piia - Muckelchen
->Flash cache emptied: 49152 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Piia - Muckelchen
->Temp folder emptied: 139738715 bytes
->Temporary Internet Files folder emptied: 62107322 bytes
->Java cache emptied: 414571 bytes
->FireFox cache emptied: 90160289 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8827074 bytes
RecycleBin emptied: 11506811458 bytes
Total Files Cleaned = 11.261,00 mb
OTL by OldTimer - Version 3.2.20.5 log created on 01242011_162003
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Do you do online banking or shopping?
Yes, mainly banking, why?
OK.
1. Have your online banking access blocked immediately; your data has been spied on.
2. After that you need to back up your data, and then we will set about reinstalling, otherwise you can no longer do online banking on this PC.
Okay, and how exactly do we back up the data now? Are there tools or something similar for that? Some of the data, such as photos, is extremely important to me.
No, simply burn it to CD, or copy it to an external hard disk or a USB stick. By the way, if your data is that important you should have a backup of it anyway. What do you do if your hard disk breaks one day? A repair costs a few hundred €, which for most people means the data is gone.
Copyright ©2000-2025, Trojaner-Board