|
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
21.10.2010, 23:38 | #1 |
| TR/Crypt.XPACK.Gen Hello! I have already asked for your help once because of a virus and a second time because of a false positive, see these two threads: http://www.trojaner-board.de/89187-t...vorhanden.html http://www.trojaner-board.de/90778-j...chmeldung.html The day before yesterday my Antivir suddenly reported a virus again, although I have really only downloaded things from trusted sources (PDFs and the like) and have otherwise only been on sites that I trust. TR/Crypt.XPACK.Gen in C:\Users\User\AppData\Local\Temp\BIT41AD.tmp is reported twice; I moved it to quarantine. A new virus scan with Antivir and also two MBAM scans came back without results. I could post three logs with no findings here now, but that somehow makes no sense. An OTL scan is currently running. Should I have the files from quarantine checked somewhere, or have the computer scanned with an online scanner? If it really cannot be saved at all, I would have to format it. On that, my question: I have a lot of data on partitions D: and E:. I still need this data. If I were to format C:, could it be that some villain has strayed onto D: or E: (or onto my USB stick) and reinfects C:? OTL scan follows. Many thanks, Catarina |
21.10.2010, 23:38 | #2 |
| TR/Crypt.XPACK.Gen Extras.txt:OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 22.10.2010 00:31:15 - Run 2 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\***\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 117,09 Gb Free Space | 59,95% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 81,20 Gb Free Space | 41,57% Space Free | Partition Type: NTFS Drive E: | 205,54 Gb Total Space | 64,27 Gb Free Space | 31,27% Space Free | Partition Type: NTFS Drive F: | 367,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,31 Gb Total Space | 5,38 Gb Free Space | 73,68% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RECHNER Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2035082496-2408582789-327603331-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series "{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97407E09-4EA8-49F0-A513-2C1776A6DEC0}" = Sentinel System Driver(64-bit) 7.2.2 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer 
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "GSview 4.9" = GSview 4.9 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0236FF14-34AF-4D37-BA6C-17567B7A8685}_is1" = MapTk (MapToolKit) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb "{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = 
Google Earth Plug-in "{1873789F-59D5-4002-8A2F-60A827B78F98}_is1" = GmapTool 0.4.6 "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink BD Solution "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution "{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data "{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform "{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79F71DBA-38D0-D6C4-DF6C-335C37091031}" = Nero 7 Demo "{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7 "{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" 
= Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AGSAdventureDev312SP1_is1" = Adventure Game Studio 3.1.2 SP1 "ArcGIS Desktop" = ArcGIS Desktop "ArcGIS Tutorial Data" = ArcGIS Tutorial Data "ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.96 "ATITool" = ATITool Overclocking Utility "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cachewolf 
POI Export" = Cachewolf POI Export "CCleaner" = CCleaner "cGPSmapper Free_is1" = cGPSmapper Free 0098e "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Citavi" = Citavi 2.5 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "EADM" = EA Download Manager "ESET Online Scanner" = ESET Online Scanner v3 "FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows "Foxit Reader" = Foxit Reader "Free Download Manager_is1" = Free Download Manager 3.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Generic USB 106 Sound" = SL-8795 Headset "GeoSetter_is1" = GeoSetter 3.1.20 "GoldWave v5.55" = GoldWave v5.55 "GPicSync_is1" = GPicSync 1.28 "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "GPS-Track-Analyse.NET" = GPS-Track-Analyse.NET "GRASS-64" = GRASS "GSview 4.9" = GSview 4.9 "HijackThis" = HijackThis 2.0.2 "JiveX DICOM Viewer Light 4.3.1" = JiveX DICOM Viewer Light 4.3.1 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "myphotobook" = myphotobook 3.65 "Nokia Ovi Suite" = Nokia Ovi Suite "numpy-py2.5" = Python 2.5 numpy-1.0.3 "Office14.SingleImage" = Microsoft Office Professional 2010 "Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3 "Python 2.5.1" = Python 2.5.1 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "SpywareBlaster_is1" = SpywareBlaster 4.3 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "THWTheorie" = THW Theorie "Totalcmd" = Total Commander (Remove or Repair) "Uninstall_is1" = Uninstall 1.0.0.1 "Vectorworks ArchLand 2009 SP3 R1" = Vectorworks ArchLand 2009 SP3 R1 "VLC media player" = VLC media player 0.9.9 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "WordToPDF_is1" = WordToPDF 2.5 "ZoneAlarm Pro" = ZoneAlarm Pro ========== HKEY_USERS Uninstall List 
========== [HKEY_USERS\S-1-5-21-2035082496-2408582789-327603331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:40 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:48 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = Error - 23.07.2010 08:09:49 | Computer Name = Rechner | Source = OviSuite | ID = 1 Description = [ Media Center Events ] Error - 27.09.2009 14:05:02 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 20:05:02 - Fehler beim Herstellen der Internetverbindung. 20:05:02 - Serververbindung konnte nicht hergestellt werden.. Error - 28.09.2009 09:52:30 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 15:52:30 - Fehler beim Herstellen der Internetverbindung. 15:52:30 - Serververbindung konnte nicht hergestellt werden.. Error - 29.09.2009 11:05:26 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 17:05:26 - Fehler beim Herstellen der Internetverbindung. 17:05:26 - Serververbindung konnte nicht hergestellt werden.. 
Error - 30.09.2009 09:37:31 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 15:37:31 - Fehler beim Herstellen der Internetverbindung. 15:37:31 - Serververbindung konnte nicht hergestellt werden.. Error - 30.10.2009 17:06:24 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 22:06:21 - Fehler beim Herstellen der Internetverbindung. 22:06:21 - Serververbindung konnte nicht hergestellt werden.. Error - 30.10.2009 18:08:49 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 23:08:48 - Fehler beim Herstellen der Internetverbindung. 23:08:48 - Serververbindung konnte nicht hergestellt werden.. Error - 30.10.2009 20:04:00 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 01:03:59 - Fehler beim Herstellen der Internetverbindung. 01:03:59 - Serververbindung konnte nicht hergestellt werden.. Error - 30.10.2009 21:18:44 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 02:18:43 - Fehler beim Herstellen der Internetverbindung. 02:18:43 - Serververbindung konnte nicht hergestellt werden.. Error - 31.10.2009 08:46:48 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 13:46:48 - Fehler beim Herstellen der Internetverbindung. 13:46:48 - Serververbindung konnte nicht hergestellt werden.. Error - 31.10.2009 08:49:02 | Computer Name = Rechner | Source = MCUpdate | ID = 0 Description = 13:48:59 - Fehler beim Herstellen der Internetverbindung. 13:48:59 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 21.10.2010 17:11:08 | Computer Name = Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = PNRPSvc | ID = 102 Description = Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = PNRPSvc | ID = 102 Description = Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 21.10.2010 17:11:32 | Computer Name = Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 21.10.2010 18:06:41 | Computer Name = Rechner | Source = PNRPSvc | ID = 102 Description = Error - 21.10.2010 18:06:41 | Computer Name = Rechner | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 21.10.2010 18:06:41 | Computer Name = Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > |
21.10.2010, 23:41 | #3 |
| TR/Crypt.XPACK.Gen OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.10.2010 00:31:15 - Run 2 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\***\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 117,09 Gb Free Space | 59,95% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 81,20 Gb Free Space | 41,57% Space Free | Partition Type: NTFS Drive E: | 205,54 Gb Total Space | 64,27 Gb Free Space | 31,27% Space Free | Partition Type: NTFS Drive F: | 367,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,31 Gb Total Space | 5,38 Gb Free Space | 73,68% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RECHNER Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ASRock Utility\OCTuner\ASROC.exe (ASRock) PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\RivaTuner\RivaTuner.exe () PRC - C:\Program Files (x86)\RivaTuner\Tools\RTSS\RTSS.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\system\cm106eye.exe () PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\RivaTuner\Tools\RTSS\RTSSHooks.dll () MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wlidsvc) -- C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (DAUpdaterSvc) -- d:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:64bit: - (Sentinel) -- C:\Windows\SysNative\drivers\Sentinel64.sys (SafeNet, Inc.)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner\RivaTuner64.sys ()
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (CLBUDF) -- C:\Windows\CLBUDF.tbl ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2035082496-2408582789-327603331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2035082496-2408582789-327603331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: ***@stud.fh-dortmund.de:1.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.07 12:41:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010.10.12 12:05:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.15 00:37:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 22:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.07 12:41:57 | 000,000,000 | ---D | M]
[2010.05.18 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.21 23:26:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions
[2010.08.07 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.07.07 13:05:45 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.21 23:26:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.11 12:12:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.24 17:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.18 17:04:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.01 23:20:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.07.07 14:26:02 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.07.15 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wd07rzkk.default\extensions\philip.hasky@stud.fh-dortmund.de
[2010.08.08 23:30:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.19 13:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.06.22 23:31:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 23:26:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.20 10:48:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.01 23:20:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.01 23:20:00 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.01 23:20:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.01 23:20:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.01 23:20:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.07.15 01:07:28 | 000,609,487 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 Accuserve Online Ad Delivery System
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 aconti.netService #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 Active Meter: Free Invisible Hit Counter, Web Tracker, Web Analytic and Web Stats #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RTSS] C:\Program Files (x86)\RivaTuner\Tools\RTSS\RTSSWrapper.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2035082496-2408582789-327603331-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-2035082496-2408582789-327603331-1001..\Run: [ASRockOCTuner] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.11.1 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.06 16:12:36 | 000,666,226 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.12.06 16:12:57 | 000,666,473 | R--- | M] () - F:\autorun_network.inf -- [ CDFS ]
O32 - AutoRun File - [2008.12.06 16:13:19 | 000,666,664 | R--- | M] () - F:\autorun_usb.inf -- [ CDFS ]
O33 - MountPoints2\{1d209622-b6ab-11de-ad61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d209622-b6ab-11de-ad61-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{ad04201f-ab90-11de-bcad-001966c76e35}\Shell - "" = AutoRun
O33 - MountPoints2\{ad04201f-ab90-11de-bcad-001966c76e35}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Install.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.20 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.10.20 10:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Reader
[2010.10.14 12:36:57 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.14 12:36:57 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.14 12:36:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.14 12:36:52 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.14 12:36:52 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StructuredQuery.dll
[2010.10.14 12:36:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.14 12:36:48 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.14 12:36:48 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.14 12:36:47 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.14 12:36:47 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.14 12:36:42 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.10.14 12:36:42 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.14 12:36:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.14 12:36:41 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.14 12:36:41 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.14 12:36:41 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.14 12:36:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.14 12:36:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.14 12:36:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.14 12:36:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.14 12:36:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.14 12:36:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.14 12:36:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.14 12:36:41 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.14 12:36:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.14 12:36:32 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.14 12:36:31 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.14 12:36:30 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.14 12:36:30 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.14 12:36:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.13 11:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.10.13 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.10.13 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.10.13 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.10.12 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2010.10.12 12:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010.10.12 12:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010.10.12 12:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010.10.12 12:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010.10.12 12:04:13 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l02t.dll
[2010.10.12 12:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2010.10.12 12:02:55 | 001,422,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtiop4.dll
[2010.10.12 12:02:55 | 000,906,240 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax5.dll
[2010.10.12 12:02:55 | 000,644,456 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2010.10.12 12:02:55 | 000,553,472 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010.10.12 12:02:55 | 000,488,960 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst11.dll
[2010.10.12 11:46:39 | 000,000,000 | ---D | C] -- C:\hp
[2010.10.11 20:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.10.05 18:40:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.10.05 18:37:44 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.10.05 18:37:44 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.10.05 18:37:44 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.10.05 18:37:44 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.10.05 18:37:44 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.10.05 18:37:44 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.10.05 18:37:44 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.10.05 18:37:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.10.05 18:37:43 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.10.05 18:37:43 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.10.05 18:37:43 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.10.05 18:37:43 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.10.05 18:37:43 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.10.05 18:37:43 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.10.05 18:37:42 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.10.05 18:37:42 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.10.05 18:37:42 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.10.05 18:37:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.10.05 18:37:41 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.10.05 18:37:41 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.10.05 18:37:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.10.05 18:37:41 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.10.05 18:37:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.10.05 18:37:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.10.05 18:37:40 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.10.05 18:37:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.10.05 18:37:39 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.10.05 18:37:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\D3DCompiler_42.dll [2010.10.05 18:37:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2010.10.05 18:37:39 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2010.10.05 18:37:38 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2010.10.05 18:37:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2010.10.05 18:37:38 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.10.05 18:37:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2010.10.05 18:37:38 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2010.10.05 18:37:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2010.10.05 18:37:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2010.10.05 18:37:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2010.10.05 18:37:34 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2010.10.05 18:37:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.10.05 18:37:28 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2010.10.05 18:37:28 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.10.05 18:37:28 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.10.05 18:37:28 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.10.05 18:37:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.10.05 18:37:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine3_2.dll [2010.10.05 18:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010.10.03 13:01:53 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.22 00:31:31 | 004,456,448 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.10.22 00:20:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.21 23:54:44 | 000,000,966 | ---- | M] () -- C:\Windows\Cm106.ini.imi [2010.10.21 23:11:08 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.21 23:10:15 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 23:10:15 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 23:02:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.21 23:01:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.21 23:01:37 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys [2010.10.20 18:03:18 | 007,266,778 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.10.20 14:01:34 | 000,015,717 | ---- | M] () -- C:\Users\***\Desktop\invoice-2009-28241-o-39090-c-29887-d-20101020.pdf [2010.10.20 10:49:20 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.10.17 16:34:47 | 000,011,221 | ---- | M] () -- C:\Users\***\gsview32.ini [2010.10.15 18:52:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.15 18:52:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.15 18:52:13 | 
000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TM.blf [2010.10.15 10:50:21 | 005,031,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.10.15 00:34:42 | 001,816,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.10.15 00:34:42 | 000,769,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.10.15 00:34:42 | 000,711,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.10.15 00:34:42 | 000,173,614 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.10.15 00:34:42 | 000,141,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.10.13 11:19:19 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.12 12:36:40 | 000,218,914 | ---- | M] () -- C:\Windows\hpwins23.dat [2010.10.12 12:27:12 | 000,218,896 | ---- | M] () -- C:\Windows\hpwins23.dat.temp [2010.10.08 09:47:36 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.08 09:43:51 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.08 09:43:51 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.08 09:43:51 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TM.blf [2010.10.06 00:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.06 00:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.06 00:24:46 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TM.blf [2010.10.05 14:16:15 | 000,524,288 | -HS- | M] () -- 
C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.05 14:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.05 14:16:15 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TM.blf [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.20 14:00:14 | 000,015,717 | ---- | C] () -- C:\Users\***\Desktop\invoice-2009-28241-o-39090-c-29887-d-20101020.pdf [2010.10.20 10:49:20 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.10.15 11:04:02 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.15 11:04:02 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.15 11:04:02 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{148f1b32-d839-11df-b3b5-001966c76e35}.TM.blf [2010.10.13 11:19:19 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.12 12:27:09 | 000,218,896 | ---- | C] () -- C:\Windows\hpwins23.dat.temp [2010.10.12 12:27:09 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2010.10.12 12:03:11 | 000,218,914 | ---- | C] () -- C:\Windows\hpwins23.dat [2010.10.12 12:03:11 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2010.10.11 20:13:24 | 000,001,747 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.10.08 09:47:36 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.08 09:43:48 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.08 09:43:48 | 000,524,288 | -HS- | C] () -- 
C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.08 09:43:48 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{da665a74-d2ae-11df-b295-001966c76e35}.TM.blf [2010.10.06 00:24:45 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.06 00:24:45 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.06 00:24:45 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{53e998fc-d0ce-11df-83b3-001966c76e35}.TM.blf [2010.10.05 14:16:12 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TMContainer00000000000000000002.regtrans-ms [2010.10.05 14:16:12 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TMContainer00000000000000000001.regtrans-ms [2010.10.05 14:16:12 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{760c230b-d079-11df-acc9-001966c76e35}.TM.blf [2010.09.21 18:36:26 | 000,000,466 | ---- | C] () -- C:\Windows\ArcView9x.INI [2010.07.28 20:55:10 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2010.07.28 20:55:08 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2010.07.28 20:55:07 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2010.07.28 20:51:45 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010.07.28 20:51:45 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2009.12.30 15:27:55 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2009.12.30 15:27:45 | 000,000,966 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2009.12.30 15:15:20 | 000,000,467 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2009.12.30 15:08:03 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini [2009.12.30 15:07:43 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg 
[2009.12.07 15:55:19 | 000,000,070 | ---- | C] () -- C:\Windows\WinInit.Ini [2009.12.07 15:53:31 | 000,000,037 | ---- | C] () -- C:\Users\***\AppData\Roaming\pwcpsw.dat [2009.12.07 15:53:30 | 000,000,154 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pwcfg [2009.12.07 15:52:37 | 000,000,731 | ---- | C] () -- C:\Windows\pwc62d.INI [2009.12.07 14:15:00 | 000,000,081 | ---- | C] () -- C:\Windows\winDecrypt.INI [2009.11.29 21:16:04 | 000,000,696 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.11.24 22:39:53 | 000,000,095 | ---- | C] () -- C:\Windows\crackpdf.INI [2009.10.22 00:35:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.10.22 00:35:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.10.12 17:05:53 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_14.xml [2009.10.06 15:22:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.30 01:07:08 | 001,794,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.09.25 14:10:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.25 13:57:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.09.25 01:43:59 | 000,007,634 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2009.09.24 23:20:49 | 000,004,801 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.08.22 20:25:00 | 000,062,861 | ---- | C] () -- C:\Program Files (x86)\RivaTuner.cfg [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.10.11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll ========== LOP Check ========== [2010.07.19 13:29:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich [2009.10.07 01:16:55 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\anpo.republika.pl [2010.09.12 00:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2009.11.25 00:29:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools [2010.08.24 17:32:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.30 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI [2009.10.07 01:12:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org [2010.10.20 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2010.05.10 22:04:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2010.08.07 12:52:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN [2009.12.21 00:50:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter [2010.06.16 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.09.16 01:31:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009.09.24 23:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.10.12 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2010.07.07 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.07.07 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2009.10.02 02:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy [2010.07.07 13:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.07.06 23:35:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PEERNET [2010.09.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.08.30 00:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2009.10.27 13:15:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WordToPDF 
[2010.10.08 16:29:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ESRI
[2010.10.20 10:51:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2010.10.03 12:50:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2010.09.12 20:09:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 1248 bytes -> C:\Users\***\AppData\Local\Temp:HQEtE1jiUwaVdYmh5q
< End of report >
Something else I noticed: the computer is slower, it has slight sound problems (loud, ear-splitting crackling/hissing from the headphones, which could be fixed by unplugging and replugging the USB connector), Firefox reports an error when updating and would not start any more. Now it works again. The internet is quite slow. EDIT: I still have older OTL/MBAM scans from before the infection, if wanted; some of them are also in the threads posted above. Edited by Catarina (21.10.2010 at 23:49) |
22.10.2010, 00:15 | #4 |
| TR/Crypt.XPACK.Gen
"O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 Accuserve Online Ad Delivery System
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 aconti.netService #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 Active Meter: Free Invisible Hit Counter, Web Tracker, Web Analytic and Web Stats #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines..."
That sounds very suspicious, doesn't it? |
22.10.2010, 14:15 | #5 |
| TR/Crypt.XPACK.Gen Result from the ESET Online Scanner: 1 detection: C:\Program Files (x86)\THW Theorie\sbin\Process.exe Win32/PrcView application cleaned by deleting - quarantined. I uninstalled the program, but it looks like a false alarm to me. |
01.11.2010, 17:51 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen The hosts entries probably come from Spybot's immunization. Did you ever run that? As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!
__________________ --> TR/Crypt.XPACK.Gen |
01.11.2010, 19:16 | #7 |
| TR/Crypt.XPACK.Gen Thanks for the reply! Spybot immunization? What exactly is that? I haven't done that. I have really only done the things you recommended to me. I have never used the program "Spybot". I googled Spybot immunization and read that this hosts file can block certain server addresses. What I did install, though, are the Firefox add-ons you recommended: NoScript and Web of Trust. Maybe they are responsible for these hosts entries. Malwarebytes full scan to follow. |
01.11.2010, 20:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen Of course WOT may have initiated that as well. Spybot is not the only one that does this kind of thing. You can also block sites manually this way if you don't want to see them. You only have to edit the text-based hosts file.
__________________ Please always post log files in CODE tags |
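As an added illustration of the hosts-file blocking discussed in posts #4 to #8 (not part of the thread, and not code from any tool named in it): a small triage of `O1 - Hosts:` log lines that separates entries pointing at a loopback or unspecified address, which only block the name, from entries that send a name to some other address and deserve a closer look. The function names `classify` and `triage` are hypothetical, and the `192.0.2.10` sample line is constructed.

```python
import ipaddress
import re

# All sample lines are quoted from the thread above except the 192.0.2.10
# line, which is constructed (TEST-NET address, reserved .example name).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 Active Meter: Free Invisible Hit Counter, Web Tracker, Web Analytic and Web Stats #[Tracking.Cookie]
O1 - Hosts: 192.0.2.10 update.vendor.example
O1 - Hosts: 16077 more lines...
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.*)$")
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")


def classify(line):
    """Return (kind, address, names) for one 'O1 - Hosts:' log line.

    kind is one of:
      default   - loopback address mapped to 'localhost' only
      sinkhole  - name sent to loopback or 0.0.0.0, i.e. blocked
      redirect  - name sent to any other address; review by hand
      malformed - address parses but the name field is not a hostname
      unparsed  - not an address/name pair (e.g. the truncation marker)
    """
    m = O1_RE.match(line.strip())
    if not m:
        return ("unparsed", None, [])
    addr_text, rest = m.groups()
    # Everything after '#' is a hosts-file comment, not a name.
    names = rest.split("#", 1)[0].split()
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return ("unparsed", addr_text, names)
    if not names or not all(HOSTNAME_RE.match(n) for n in names):
        return ("malformed", str(addr), names)
    if addr.is_loopback or addr.is_unspecified:
        if addr.is_loopback and names == ["localhost"]:
            return ("default", str(addr), names)
        return ("sinkhole", str(addr), names)
    return ("redirect", str(addr), names)


def triage(log_text):
    """Group every O1 hosts line of a log by its classification."""
    report = {k: [] for k in
              ("default", "sinkhole", "redirect", "malformed", "unparsed")}
    for line in log_text.splitlines():
        if line.startswith("O1 - Hosts:"):
            kind, addr, names = classify(line)
            report[kind].append((addr, names))
    return report


if __name__ == "__main__":
    for kind, entries in triage(SAMPLE_LOG).items():
        print(f"{kind:9} {len(entries)}")
        if kind == "redirect":
            for addr, names in entries:
                print(f"          {addr} <- {' '.join(names)}")
```

Because the log itself is truncated ("16077 more lines..."), a result with no `redirect` entries only covers the lines that were actually posted.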
01.11.2010, 20:11 | #9 |
| TR/Crypt.XPACK.Gen Thanks for the explanation! The MBAM scan is still running. |
01.11.2010, 20:47 | #10 |
| TR/Crypt.XPACK.Gen Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.11.2010 20:41:58
mbam-log-2010-11-01 (20-41-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 589411
Laufzeit: 1 Stunde(n), 8 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
10.11.2010, 12:50 | #11 |
| TR/Crypt.XPACK.Gen Since the MBAM scan was unremarkable, is everything okay now, or should I run further scans? |
10.11.2010, 14:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen Are there still any open problems, or were there further detections?
__________________ Please always post log files in CODE tags |
10.11.2010, 16:08 | #13 |
| TR/Crypt.XPACK.Gen Hmm, no, no further problems really. The latest MBAM scan gave the following result: Code:
ATTFilter 10.11.2010 16:06:13
mbam-log-2010-11-10 (16-06-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 590154
Laufzeit: 1 Stunde(n), 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

But maybe I was just being paranoid there! |