| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2011, 09:28
| #1 |
| |  Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. Hallo Liebe Com , Seit gestern abend ist mir aufgefallen das mein Pc merkwürdiger weiße jedes mal die seite hxxp://p4.fo4bmowws5hde.p6r6dfjwy4ecxu2q.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html öffnet. Mein Avira hat jedoch nichts gemeldet. Ich habe schon einwenig nachgeforscht zwar hatten viele ein ähnliches problem doch war dies meistens mit Pornoseiten oder Werbung verbunden. Ich hoffe dass ihr mir so schnell wie möglich helfen könnt . |
|
13.06.2011, 09:48
| #2 |
| /// Malware-holic   |  Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. hi
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
13.06.2011, 10:55
| #3 |
| | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. So. Einmal OTl.txtOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 13.06.2011 10:55:03 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Jacka\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 33,98% Memory free 5,99 Gb Paging File | 2,24 Gb Available in Paging File | 37,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 117,19 Gb Total Space | 55,04 Gb Free Space | 46,97% Space Free | Partition Type: NTFS Drive D: | 115,69 Gb Total Space | 17,43 Gb Free Space | 15,07% Space Free | Partition Type: NTFS Drive E: | 110,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JACKA-PC | User Name: Jacka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jacka\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\xampplite\mysql\bin\mysqld.exe (MySQL AB) PRC - C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.exe (Conexant Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Jacka\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MySQL) -- C:\xampplite\mysql\bin\mysqld.exe (MySQL AB) SRV - (Apache2.2) -- C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\Windows\System32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (DT154_A02) -- C:\Windows\System32\drivers\TS154USB.sys (Deutsche Telekom AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 92 0B 14 E9 71 CB 01 [binary data] IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://dsl-start.computerbild.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.26 20:04:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.13 17:48:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.09 13:10:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.06.12 20:35:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2011.06.09 13:10:39 | 000,000,000 | ---D | M] [2010.10.24 12:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacka\AppData\Roaming\mozilla\Extensions [2011.06.12 13:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacka\AppData\Roaming\mozilla\Firefox\Profiles\1ajksp3h.default\extensions [2011.05.24 14:19:43 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Jacka\AppData\Roaming\mozilla\Firefox\Profiles\1ajksp3h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011.06.12 13:27:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jacka\AppData\Roaming\mozilla\Firefox\Profiles\1ajksp3h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.11 21:02:01 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jacka\AppData\Roaming\mozilla\Firefox\Profiles\1ajksp3h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.23 11:11:14 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Jacka\AppData\Roaming\mozilla\Firefox\Profiles\1ajksp3h.default\extensions\DTToolbar@toolbarnet.com [2010.10.26 13:53:22 | 000,002,059 | ---- | M] () -- C:\Users\Jacka\AppData\Roaming\Mozilla\Firefox\Profiles\1ajksp3h.default\searchplugins\daemon-search.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jacka\AppData\Roaming\Mozilla\Firefox\Profiles\1ajksp3h.default\searchplugins\icqplugin.xml [2010.11.15 20:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.24 12:59:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.10.24 13:05:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\JACKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AJKSP3H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.10.24 13:05:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.28 13:51:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.12.03 08:35:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 08:35:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 08:35:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 08:35:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 08:35:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [PRISMSVR.EXE] C:\Program Files\T-Com\Sinus 154 data II\PRISMSVR.EXE (Conexant Systems, Inc.) O4 - HKU\S-1-5-21-3450936572-324578950-1066947897-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.05.21 22:45:00 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{59c685c9-ddd8-11df-9695-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{59c685c9-ddd8-11df-9695-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LGInstaller.exe -- [2008.06.09 16:25:14 | 000,208,896 | R--- | M] () O33 - MountPoints2\{9bf371fc-8a34-11e0-88ee-0030f1f6cf61}\Shell - "" = AutoRun O33 - MountPoints2\{9bf371fc-8a34-11e0-88ee-0030f1f6cf61}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011.06.12 13:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.06.11 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Documents\MAGIX_Screenshare [2011.06.11 11:53:04 | 000,014,208 | ---- | C] (MAGIX) -- C:\Windows\System32\drivers\disksec.sys [2011.06.11 11:53:00 | 000,995,328 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe [2011.06.11 11:52:59 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll [2011.06.11 11:52:59 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll [2011.06.11 11:52:59 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll [2011.06.11 11:52:59 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll [2011.06.11 11:52:58 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll [2011.06.11 11:52:58 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll [2011.06.11 11:52:58 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll [2011.06.11 11:52:58 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll [2011.06.11 11:52:58 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll [2011.06.11 11:52:52 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Documents\MAGIX_PC_Check_Tuning_2010_mxcdr [2011.06.11 11:52:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2011.06.11 11:52:17 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Documents\MAGIX_PC_Check_Tuning_2010_Download-Version [2011.06.11 11:51:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services [2011.06.11 11:00:52 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5 [2011.06.09 13:10:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2011.06.09 13:10:18 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx [2011.06.09 13:10:18 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx [2011.06.09 13:10:17 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll [2011.06.09 13:10:03 | 000,000,000 | ---D | C] -- C:\Users\Jacka\AppData\Roaming\LG Electronics [2011.06.09 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.06.09 13:09:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.06.09 13:09:38 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.06.09 13:09:26 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx [2011.06.09 13:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III [2011.06.09 13:08:51 | 000,000,000 | ---D | C] -- C:\Programme\LG Electronics [2011.06.09 13:08:07 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Documents\LG Electronics [2011.06.09 13:07:59 | 000,000,000 | ---D | C] -- C:\Users\Jacka\AppData\Roaming\InstallShield [2011.06.06 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Neuer Ordner [2011.06.06 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Jacka\Top 100 Neu [2011.05.29 22:47:50 | 000,000,000 | ---D | C] -- C:\Users\Jacka\AppData\Local\{BDD0C798-290F-49CF-BDD3-1B8AA2BC7A27} [2011.05.29 22:42:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.29 22:42:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.29 22:42:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.29 22:42:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.29 22:42:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.29 22:42:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.29 22:42:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.29 22:42:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.05.29 22:42:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.29 22:42:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.29 22:42:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.29 22:42:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.29 22:42:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.29 22:42:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.29 22:42:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.29 22:42:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.29 22:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.29 22:42:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.29 22:42:20 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.29 22:42:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.29 22:42:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.05.29 22:42:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.29 22:42:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.29 22:42:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.29 22:42:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.29 22:42:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.29 22:42:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.29 22:42:19 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.29 22:42:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.29 22:42:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.29 22:42:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.29 22:42:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.29 22:42:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.29 22:42:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.05.29 22:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.29 22:42:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.29 22:42:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.05.29 22:42:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.05.29 22:42:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.05.25 14:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo [2011.05.25 02:00:55 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.05.24 15:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.05.24 14:58:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.05.24 14:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.24 12:27:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.15 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\Jacka\AppData\Local\{2BC84563-840F-4540-B53D-69ACD77D52D0} ========== Files - Modified Within 30 Days ========== [2011.06.12 13:45:50 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2011.06.12 13:28:01 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2011.06.11 11:57:40 | 000,655,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.11 11:57:40 | 000,616,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.11 11:57:40 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.11 11:57:40 | 000,106,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.11 11:53:57 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\1-Klick Schnellwartung.lnk [2011.06.11 11:52:36 | 000,001,289 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning 2010 Download-Version.lnk [2011.06.09 13:10:33 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk [2011.06.09 13:10:22 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter Mobile.lnk [2011.06.09 13:09:39 | 000,001,585 | ---- | M] () -- C:\Users\Jacka\Desktop\DivX Movies.lnk [2011.06.09 13:08:51 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite III.lnk [2011.06.05 08:49:24 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.05 08:49:24 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.29 22:46:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.29 22:45:44 | 2415,185,920 | -HS- | M] () -- C:\hiberfil.sys [2011.05.29 22:42:21 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.29 22:42:21 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.29 22:42:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.29 22:42:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.29 22:42:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.29 22:42:21 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.29 22:42:21 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.29 22:42:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.05.29 22:42:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.29 22:42:20 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.29 22:42:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.29 22:42:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.29 22:42:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.29 22:42:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.29 22:42:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.29 22:42:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.29 22:42:20 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.29 22:42:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.29 22:42:20 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.29 22:42:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.29 22:42:20 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.05.29 22:42:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.29 22:42:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.29 22:42:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.05.29 22:42:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.29 22:42:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.29 22:42:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.29 22:42:19 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.29 22:42:19 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.29 22:42:19 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.29 22:42:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.29 22:42:19 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.29 22:42:19 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.29 22:42:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.29 22:42:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.05.29 22:42:19 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.29 22:42:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.29 22:42:19 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.05.29 22:42:19 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.05.29 22:42:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.05.25 14:54:22 | 000,001,197 | ---- | M] () -- C:\Users\Jacka\Desktop\DVDVideoSoft Free Studio.lnk [2011.05.25 14:53:25 | 000,001,356 | ---- | M] () -- C:\Users\Jacka\Desktop\Free YouTube to MP3 Converter.lnk [2011.05.15 22:31:24 | 000,016,932 | ---- | M] () -- C:\Users\Jacka\Desktop\Christians Bericht ;).odt ========== Files Created - No Company Name ========== [2011.06.12 13:28:01 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2011.06.11 11:53:57 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\1-Klick Schnellwartung.lnk [2011.06.11 11:53:54 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2011.06.11 11:52:36 | 000,001,289 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning 2010 Download-Version.lnk [2011.06.09 13:10:33 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk [2011.06.09 13:10:22 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter Mobile.lnk [2011.06.09 13:09:39 | 000,001,585 | ---- | C] () -- C:\Users\Jacka\Desktop\DivX Movies.lnk [2011.06.09 13:08:51 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite III.lnk [2011.05.29 22:42:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.05.25 14:53:25 | 000,001,356 | ---- | C] () -- C:\Users\Jacka\Desktop\Free YouTube to MP3 Converter.lnk [2011.05.15 22:31:22 | 000,016,932 | ---- | C] () -- C:\Users\Jacka\Desktop\Christians Bericht ;).odt [2011.04.04 14:56:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.01.28 12:18:27 | 000,003,584 | ---- | C] () -- C:\Users\Jacka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.13 20:10:50 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2010.10.31 21:41:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.26 20:06:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2010.10.26 19:57:59 | 000,245,308 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.10.26 19:57:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2009.07.14 10:47:43 | 000,655,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,290,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,484 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,864 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll ========== LOP Check ========== [2010.12.05 16:12:14 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\ASCOMP Software [2010.11.11 16:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Ashampoo [2010.10.26 14:17:44 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DAEMON Tools Lite [2011.01.28 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DVDVideoSoft [2011.04.08 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.14 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\FileZilla [2011.04.25 21:30:53 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\FMZilla [2010.10.28 13:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Foxit [2011.04.04 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Foxit Software [2011.06.12 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\ICQ [2011.06.09 13:12:46 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\LG Electronics [2011.06.11 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\MAGIX [2010.11.19 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Mumble [2010.12.10 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Notepad++ [2010.10.24 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\OpenOffice.org [2010.12.23 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\PhotoScape [2010.11.08 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\TeamViewer [2011.05.05 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\TuneUp Software [2010.10.27 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\WinSplit [2011.06.12 13:45:50 | 000,000,462 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job [2009.07.14 06:53:46 | 000,013,984 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.24 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Adobe [2011.05.13 17:51:57 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Apple Computer [2010.12.05 16:12:14 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\ASCOMP Software [2010.11.11 16:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Ashampoo [2010.10.25 14:18:09 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Avira [2010.10.26 14:17:44 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DAEMON Tools Lite [2011.01.28 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DVDVideoSoft [2011.04.08 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.14 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\FileZilla [2011.04.25 21:30:53 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\FMZilla [2010.10.28 13:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Foxit [2011.04.04 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Foxit Software [2010.10.26 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\HP [2011.06.12 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\ICQ [2010.10.22 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Identities [2011.06.09 13:07:59 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\InstallShield [2011.06.09 13:12:46 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\LG Electronics [2010.10.24 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Macromedia [2011.06.11 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\MAGIX [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Media Center Programs [2011.01.23 22:23:39 | 000,000,000 | --SD | M] -- C:\Users\Jacka\AppData\Roaming\Microsoft [2010.10.24 12:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Mozilla [2010.11.19 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Mumble [2010.12.10 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Notepad++ [2010.10.24 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\OpenOffice.org [2010.12.23 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\PhotoScape [2011.06.11 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\Skype [2011.06.13 08:04:44 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\skypePM [2010.11.08 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\TeamViewer [2011.05.05 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\TuneUp Software [2010.10.26 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\WinRAR [2010.10.27 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jacka\AppData\Roaming\WinSplit < %APPDATA%\*.exe /s > [2011.02.21 13:33:43 | 000,010,134 | R--- | M] () -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2011.06.09 13:20:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ARPPRODUCTICON.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeInvoker.exe_431B2BA896014E69B34114BFD8E7B136.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeLauncher.exe_5933C76ED597469A944A1DFEB496348C.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeRemover.exe_5C5473BE36444FA89D0788993908FE0F.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB.exe_0912055C2AF14064B183AEB6F12A2FCB.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB64.exe_9C05A9D45C0842CF949276F7724FAEC9.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB9x.exe_F776472D82DA4AFDAFD0AAF1CF858DF7.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld.exe_DC44F1F136264642BD94B64FFC464DD7.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld64.ex_A20ACFB15A794B1C9E6A3DFBB9D252B8.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld9x.ex_8E637EE98DAB4D9CB1D54202EAD617F4.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB.exe_CC88D403E3234E61A79375366C5599C5.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB64.exe_135957F0A3F84224B026EA24C7F4E26D.exe [2011.06.09 13:20:03 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB9x.exe_001C2C6090FF48C495F16AE3FD1ED9C9.exe [2010.10.26 14:27:41 | 000,010,134 | R--- | M] () -- C:\Users\Jacka\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\USBAutoRun.exe [2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010.11.01 13:27:40 | 000,004,608 | ---- | M] () MD5=9214399E2FDE9C7549C2D5FD0E24F808 -- C:\Users\Jacka\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@WINDIR@\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.10.26 13:53:07 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.05.29 22:42:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2011.05.29 22:42:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll < End of report > Und Extras.txt : OTL Extras logfile created on: 13.06.2011 10:55:03 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Jacka\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 33,98% Memory free 5,99 Gb Paging File | 2,24 Gb Available in Paging File | 37,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 117,19 Gb Total Space | 55,04 Gb Free Space | 46,97% Space Free | Partition Type: NTFS Drive D: | 115,69 Gb Total Space | 17,43 Gb Free Space | 15,07% Space Free | Partition Type: NTFS Drive E: | 110,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JACKA-PC | User Name: Jacka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter Mobile "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C53FB914-C1F6-4F9D-93E2-A3A84935EC15}" = Sinus 154 data II "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free Studio_is1" = Free Studio version 5.0.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "HyperCam 3" = HyperCam 3 "InstallShield_{C53FB914-C1F6-4F9D-93E2-A3A84935EC15}" = Sinus 154 data II "JDownloader" = JDownloader "MAGIX PC Check & Tuning 2010 Download-Version D" = MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D) "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mumble" = Mumble and Murmur "Notepad++" = Notepad++ "PhotoScape" = PhotoScape "Shop for HP Supplies" = Shop for HP Supplies "Steam App 9480" = Saints Row 2 "SystemRequirementsLab" = System Requirements Lab "TeamViewer 6" = TeamViewer 6 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3450936572-324578950-1066947897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Funhouse2.eu" = Funhouse2.eu ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! |
|
13.06.2011, 11:05
| #4 |
| /// Malware-holic | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. 1. deinstaliere spybot es kann die reinigung stören. starte neu. 2. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2011, 11:35
| #5 |
| | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. Sorry hab das jetzt nichts ganz verstanden habe spyboot deinstalliert soll ich OTL wieder durchlaufen lassen? und danach dann combofix log? |
|
13.06.2011, 13:11
| #6 |
| /// Malware-holic | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. nö. steht doch in reihenfolge da was zu tun ist. spybot deinstalieren neustarten, combofix
__________________ --> Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. |
|
13.06.2011, 14:16
| #7 |
| | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. Combofix Logfile: Code:
ATTFilter ComboFix 11-06-12.04 - Jacka 13.06.2011 12:45:44.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3071.1859 [GMT 2:00]
ausgeführt von:: c:\users\Jacka\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-13 bis 2011-06-13 ))))))))))))))))))))))))))))))
.
.
2011-06-13 11:25 . 2011-06-13 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 09:53 . 2008-04-04 15:34 14208 ----a-w- c:\windows\system32\drivers\disksec.sys
2011-06-11 09:53 . 2009-08-27 12:24 995328 ----a-w- c:\windows\system32\MXRestore.exe
2011-06-11 09:52 . 2009-08-18 15:55 90112 ----a-w- c:\windows\system32\DLLPRF32.dll
2011-06-11 09:52 . 2009-08-18 15:55 77824 ----a-w- c:\windows\system32\DLLPNT32.dll
2011-06-11 09:52 . 2009-08-18 15:55 278528 ----a-w- c:\windows\system32\DLLRES32.dll
2011-06-11 09:52 . 2009-08-18 15:55 65536 ----a-w- c:\windows\system32\STRING32.dll
2011-06-11 09:52 . 2009-08-18 15:55 724992 ----a-w- c:\windows\system32\DLLAV32.dll
2011-06-11 09:52 . 2009-08-18 15:55 212992 ----a-w- c:\windows\system32\DLLDEV32.dll
2011-06-11 09:52 . 2009-08-18 15:55 147456 ----a-w- c:\windows\system32\DLLCPY32.dll
2011-06-11 09:52 . 2009-08-18 15:55 221184 ----a-w- c:\windows\system32\DLLDRV32.dll
2011-06-11 09:52 . 2009-08-18 15:55 94208 ----a-w- c:\windows\system32\DLLIO32.dll
2011-06-11 09:52 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-06-11 09:51 . 2011-06-11 09:51 -------- d-----w- c:\program files\Common Files\MAGIX Services
2011-06-11 09:00 . 2011-06-12 11:28 -------- d-----w- c:\program files\ICQ7.5
2011-06-10 09:21 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1164A0DE-DA6F-4B40-9269-F2D29EA46C4F}\mpengine.dll
2011-06-09 11:18 . 2009-05-12 06:46 212992 ----a-r- c:\users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2011-06-09 11:18 . 2008-12-17 02:14 32768 ----a-r- c:\users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2011-06-09 11:18 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2011-06-09 11:18 . 2008-04-01 09:15 20480 ----a-r- c:\users\Jacka\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2011-06-09 11:10 . 2011-06-09 11:10 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-06-09 11:10 . 2005-09-26 20:55 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2011-06-09 11:10 . 2005-03-18 14:55 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2011-06-09 11:10 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2011-06-09 11:10 . 2011-06-09 11:12 -------- d-----w- c:\users\Jacka\AppData\Roaming\LG Electronics
2011-06-09 11:09 . 2011-06-09 11:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-06-09 11:09 . 2011-06-09 11:10 -------- d-----w- c:\program files\DivX
2011-06-09 11:09 . 2000-05-21 22:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-06-09 11:08 . 2011-06-09 11:19 -------- d-----w- c:\program files\LG Electronics
2011-06-09 11:07 . 2011-06-09 11:07 -------- d-----w- c:\users\Jacka\AppData\Roaming\InstallShield
2011-06-06 20:31 . 2011-06-09 10:57 -------- d-----w- c:\users\Jacka\Neuer Ordner
2011-06-06 20:11 . 2011-06-06 20:26 -------- d-----w- c:\users\Jacka\Top 100 Neu
2011-05-29 20:47 . 2011-06-01 20:51 -------- d-----w- c:\users\Jacka\AppData\Local\{BDD0C798-290F-49CF-BDD3-1B8AA2BC7A27}
2011-05-29 20:44 . 2011-05-29 20:44 -------- d-----w- c:\windows\system32\wbem\en-US
2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\program files\Common Files\Plasmoo
2011-05-25 00:00 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 13:00 . 2011-05-24 13:01 -------- d-----w- c:\programdata\Skype Extras
2011-05-24 12:58 . 2011-05-24 12:58 -------- d-----w- c:\program files\Common Files\Skype
2011-05-24 10:27 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 22:30 . 2011-05-16 10:32 -------- d-----w- c:\users\Jacka\AppData\Local\{2BC84563-840F-4540-B53D-69ACD77D52D0}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 15:25 . 2011-05-13 15:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-09 06:13 . 2011-05-11 17:50 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:50 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-30 17:50 . 2011-05-05 17:54 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 17:45 . 2011-05-05 17:54 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-03-30 17:45 . 2011-05-05 17:54 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-25 03:06 . 2011-05-11 17:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 17:50 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 17:50 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 17:50 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 17:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 17:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 17:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-25 02:00 . 2011-03-25 02:00 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-03-17 02:18 . 2010-10-22 15:28 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-28 21:42 . 2009-08-28 21:42 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"PRISMSVR.EXE"="c:\program files\T-Com\Sinus 154 data II\PRISMSVR.EXE" [2004-04-26 295001]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2009-12-19 29416]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 DT154_A02;Sinus 154 data II Driver;c:\windows\system32\DRIVERS\TS154USB.sys [2004-06-02 379264]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - DISKSEC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-13 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files\MAGIX\PC_Check_Tuning_2010_Download-Version\MxTray.exe [2011-06-11 11:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jacka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jacka\AppData\Roaming\Mozilla\Firefox\Profiles\1ajksp3h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3450936572-324578950-1066947897-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3450936572-324578950-1066947897-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-13 13:28:54
ComboFix-quarantined-files.txt 2011-06-13 11:28
.
Vor Suchlauf: 11 Verzeichnis(se), 59.837.759.488 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 59.511.697.408 Bytes frei
.
- - End Of File - - A7D2D374595E2F7E81F0D54D1D0944B2
|
|
13.06.2011, 14:18
| #8 |
| /// Malware-holic | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. sieht gut aus. download malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2011, 19:47
| #9 |
| | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. alwarebytes' Anti-Malware 1.51.0.1200 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6847 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 13.06.2011 20:47:08 mbam-log-2011-06-13 (20-47-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 280140 Laufzeit: 44 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\funhouse2.eu\metin2.bin (Trojan.Downloader) -> No action taken. c:\Users\Jacka\documents\ICQ\443456561\receivedfiles\589934232 schatz.x3\tuneup.utilities.2011.v10.0.2020.1.german.incl.keymaker-zwt\keygen.exe (RiskWare.Tool.CK) -> No action taken. d:\backup jacka\programme\funhouse2.eu\metin2.bin (Trojan.Downloader) -> No action taken. |
|
13.06.2011, 20:11
| #10 |
| /// Malware-holic | Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. hi, keygens sind illegal, dafür gibts hier nur hilfe beim neu aufsetzen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt. |
| abend, avira, firefox, gestern, hoffe, inhalt, leerlauf, liebe, merkwürdiger, nichts, pornoseiten, problem, schnell, seite, weiße, wenig, werbung, ähnliches, öffnet |
Linear-Darstellung
