| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: smiley auf dunklem bildschirm, windows startete nicht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.09.2011, 15:48
| #1 |
 |  smiley auf dunklem bildschirm, windows startete nicht mehr hej, ich fand hier schon einen eintragmit scheinbar selbigem problem von 2007 http://www.trojaner-board.de/39607-s...mehr-hoch.html habe aber vorsichtshalber nicht in diesem thread weitergeschrieben, da ich nicht weiss, inwiefern mein thema als aktuell angezeigt wird. gestern ließ sich windows (vista) den ganzen tag nicht mehr starten, da beim hochfahren ein schwarzer bildschirm mit weißem smiley und blinkendem cursur in linker unterer bildschirmecke auftauchte und nicht mehr verschwand. lediglich strg+alt+entf brachten einen neustart hervor, jede andere taste ließ die grinsebacke erst kurz verschwinden und dann gleich wieder auftauchen. ins bios-menü konnte ich vorher noch gelangen, weshalb ich heute die vista-cd ausgegraben habe. allerdings funktionierte eben das hochfahren wieder problemlos, microsoft security essentials hat nichts gefunden. frage: könnt ihr mir scans empfehlen, mit denen ich evtl gründlicher überprüfen kann, ob sich das problem wirklich von selbst behoben hat? es scheint zwar alles ok und wäre auch wunderbar, wenns so ist, aber bevor ich das ganze übereilt abhake, wäre mir eine zweite meinung wichtig. dankeschön im voraus fürs drüberlesen, y |
|
08.09.2011, 21:54
| #2 |
| /// Malwareteam   | smiley auf dunklem bildschirm, windows startete nicht mehr Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte Malwarebytes
Schritt 2 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
09.09.2011, 11:02
| #3 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr done.
__________________hier der malwarebytes-log: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7682 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 09.09.2011 11:39:58 mbam-log-2011-09-09 (11-39-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 186553 Laufzeit: 6 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und die zwei von otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.09.2011 11:47:25 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Yvi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,88% Memory free 6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,75 Gb Total Space | 217,11 Gb Free Space | 48,71% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32 Drive I: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.09 11:46:45 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe PRC - [2011.08.02 12:47:12 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.16 00:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Programme\CrossriderWebApps\Crossrider.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2010.05.05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\ezprint.exe PRC - [2010.05.05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeamon.exe PRC - [2010.04.14 16:45:21 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.08 13:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2007.05.29 16:40:48 | 000,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe PRC - [2007.05.29 08:55:20 | 001,969,824 | ---- | M] () -- C:\Windows\System32\WTMKM.exe PRC - [2006.05.18 11:40:18 | 001,499,136 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\wlancfg5.exe ========== Modules (No Company Name) ========== MOD - [2010.05.05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\ezprint.exe MOD - [2010.05.05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeamon.exe MOD - [2010.04.05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epoemdll.dll MOD - [2010.04.05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epstring.dll MOD - [2010.04.05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epwizres.dll MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epwizard.dll MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\epfunct.dll MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\eputil.dll MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\imagutil.dll MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeadrs.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeascw.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeacaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark S300-S400 Series\lxeaptp.dll MOD - [2009.02.20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll MOD - [2009.02.20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll MOD - [2007.05.29 16:40:48 | 000,360,096 | ---- | M] () -- C:\Windows\System32\atwtusb.exe MOD - [2007.05.29 08:55:20 | 001,969,824 | ---- | M] () -- C:\Windows\System32\WTMKM.exe MOD - [2006.08.28 17:29:00 | 000,180,224 | ---- | M] () -- C:\Windows\System32\ATWTINK.DLL MOD - [2006.05.18 11:40:18 | 001,499,136 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\wlancfg5.exe MOD - [2006.04.24 14:27:58 | 000,098,304 | ---- | M] () -- C:\Programme\NETGEAR\WG311T\WlanDll.dll ========== Win32 Services (SafeList) ========== SRV - [2011.09.07 09:37:55 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.04.14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device) SRV - [2010.04.14 16:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | Disabled | Running] -- -- (MBAMProtector) DRV - [2011.09.09 11:42:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DB49302-83F6-4186-8BAB-77C088CAA2A3}\MpKsle37b256b.sys -- (MpKsle37b256b) DRV - [2011.07.27 12:12:42 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.04.03 12:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.15 16:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.17 22:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.10.30 17:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2006.06.27 20:08:24 | 000,071,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2006.05.03 22:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd) DRV - [2006.04.04 10:54:28 | 000,456,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WG311T13.sys -- (AR5211) DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI) DRV - [2001.05.23 10:42:52 | 000,012,084 | ---- | M] (Aiptek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UTBLFILT.sys -- (utblfilt) DRV - [2001.02.18 17:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hp4200c.sys -- (hp4200c) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yodl.de/?&affid=1&uid=5ABE1BC3-76C2-4620-8ACC-E089E690C969 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.startup.homepage: "hxxp://www.ninwiki.com/Special:Random" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.17 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011.07.26 20:05:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 12:40:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.07 12:40:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.07.11 16:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Extensions [2011.09.08 16:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions [2010.04.29 19:28:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.08.25 12:41:39 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66} [2011.08.18 16:42:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.12 09:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.05.12 09:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\luyqcj2o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2011.03.28 19:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.26 20:05:04 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\PROGRAMDATA\CODECCHECK\FIREFOX [2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.09.18 20:17:57 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml [2009.09.18 20:17:57 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml [2009.09.18 20:17:57 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml [2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.09.18 20:17:57 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml [2009.09.18 20:17:57 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml [2009.09.18 20:17:57 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml [2009.09.18 20:17:57 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml [2009.09.18 20:17:57 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml [2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2009.09.18 20:17:57 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Programme\CrossriderWebApps\Crossrider.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe () O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () O4 - HKLM..\Run: [hplampc] C:\Windows\System32\hplampc.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [CrossRiderPlugin] C:\Programme\CrossriderWebApps\Crossrider.exe (Crossrider) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [espaces] File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6876E3B5-09B4-40A9-AB89-8CBD155BB5EC}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{57e932e0-f2d6-11de-b4f2-001d92ecbd05}\Shell\AutoRun\command - "" = I:\installer.exe O33 - MountPoints2\{57e932e0-f2d6-11de-b4f2-001d92ecbd05}\Shell\verb\command - "" = I:\installer.exe O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk - C:\Windows\system\w98eject.exe - (Sigmatel) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: lxeamon.exe - hkey= - key= - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Programme\phonostar\ps_timer.exe (phonostar) MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.09 11:46:33 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe [2011.09.09 11:13:40 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Malwarebytes [2011.09.09 11:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.09 11:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.09.06 09:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2011.09.06 09:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2011.09.06 09:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems [2011.09.05 19:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter [2011.09.05 19:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter [2011.08.29 21:55:13 | 000,000,000 | ---D | C] -- C:\Users\Yvi\atomix [2011.08.28 16:35:09 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011.08.27 22:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2011.08.27 22:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.08.27 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2011.08.17 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Local\Solid State Networks [2010.09.21 11:14:16 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll [2010.09.21 11:13:24 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll [2010.09.21 11:13:24 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll [2010.09.21 11:13:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll [2010.09.21 11:13:24 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll [2010.09.21 11:13:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll [2010.09.21 11:13:23 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll [2010.09.21 11:13:23 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll [2010.09.21 11:13:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll [2010.09.21 11:13:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe [2010.09.21 11:13:23 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll [2010.09.21 11:13:23 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe [2010.09.21 11:13:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll [2010.09.21 11:13:23 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe [2008.07.30 18:33:31 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll [2005.04.21 00:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2004.02.16 20:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\Yvi\AppData\Local\*.tmp files -> C:\Users\Yvi\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.09 11:49:04 | 000,676,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.09 11:49:04 | 000,636,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.09 11:49:04 | 000,147,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.09 11:49:04 | 000,120,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.09 11:46:45 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe [2011.09.09 11:44:47 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.09.09 11:42:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.09 11:42:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.09 11:42:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.09 11:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.08 15:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.06 09:36:50 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2011.09.06 09:35:36 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\Yvi\AppData\Local\*.tmp files -> C:\Users\Yvi\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.06 09:36:50 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2011.09.06 09:35:36 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2011.09.04 12:51:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2010.11.18 22:11:20 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2010.09.21 11:14:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll [2010.09.21 11:14:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll [2010.09.21 11:14:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll [2010.09.21 11:14:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll [2010.09.21 11:13:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll [2010.09.21 11:13:23 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll [2010.09.21 11:13:23 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll [2010.09.21 11:13:23 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll [2010.09.21 11:13:23 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll [2010.09.21 11:13:23 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll [2010.09.21 11:13:23 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll [2010.09.21 11:13:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll [2010.09.21 11:13:23 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll [2010.09.21 11:13:09 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll [2010.09.21 11:13:09 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll [2010.05.21 01:18:24 | 000,000,072 | ---- | C] () -- C:\Windows\oemaster.ini [2010.04.26 22:35:43 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2010.04.26 22:35:43 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2010.04.26 22:35:25 | 000,014,348 | ---- | C] () -- C:\Windows\HPSETUP.INI [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.03.19 01:04:40 | 000,004,956 | ---- | C] () -- C:\ProgramData\esswogwb.bbd [2010.01.07 12:29:48 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.10 14:59:40 | 000,001,040 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\wklnhst.dat [2009.10.02 23:21:25 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat [2009.09.24 11:41:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.24 11:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.10 16:50:07 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.09.10 16:50:07 | 000,000,774 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.30 15:00:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.26 18:52:51 | 000,225,280 | R--- | C] () -- C:\Windows\USBM55phmgunin.exe [2008.12.23 00:48:57 | 000,000,062 | ---- | C] () -- C:\Windows\10eG-Install.ini [2008.12.14 17:16:51 | 000,253,696 | ---- | C] () -- C:\Windows\pptpunin.exe [2008.12.07 23:56:23 | 000,006,688 | ---- | C] () -- C:\Windows\movexe.exe [2008.10.16 17:23:22 | 000,360,096 | ---- | C] () -- C:\Windows\System32\atwtusb.exe [2008.10.16 17:23:21 | 000,048,800 | ---- | C] () -- C:\Windows\System32\InstallService.exe [2008.10.16 17:23:20 | 001,969,824 | ---- | C] () -- C:\Windows\System32\WTMKM.exe [2008.10.16 17:23:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL [2008.10.16 17:23:20 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe [2008.10.16 17:23:19 | 000,013,951 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini [2008.10.16 17:23:19 | 000,010,361 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini [2008.10.16 17:23:19 | 000,007,633 | ---- | C] () -- C:\Windows\System32\Vista.ini [2008.10.16 17:23:19 | 000,007,341 | ---- | C] () -- C:\Windows\System32\XP_2000.ini [2008.10.16 17:23:19 | 000,006,386 | ---- | C] () -- C:\Windows\aiptbl.ini [2008.10.16 17:23:19 | 000,000,574 | ---- | C] () -- C:\Windows\System32\MKProfile.ini [2008.09.17 13:36:22 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2008.09.17 13:36:20 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2008.09.17 13:36:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2008.09.17 13:36:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2008.09.16 14:28:04 | 000,001,473 | ---- | C] () -- C:\Windows\eReg.dat [2008.08.29 11:55:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.13 17:09:06 | 000,000,000 | ---- | C] () -- C:\Windows\MAPPER.INI [2008.07.30 18:33:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll [2008.07.23 23:39:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.22 14:38:48 | 000,000,029 | ---- | C] () -- C:\Windows\viewer.ini [2008.07.11 16:40:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.07.09 21:06:50 | 000,007,592 | ---- | C] () -- C:\Users\Yvi\AppData\Local\d3d9caps.dat [2008.07.08 20:28:07 | 000,246,784 | ---- | C] () -- C:\Users\Yvi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.06 17:21:19 | 000,000,091 | ---- | C] () -- C:\Users\Yvi\AppData\Local\fusioncache.dat [2008.04.30 12:12:26 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.04.30 12:12:26 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.04.30 11:28:46 | 000,000,052 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.04.01 15:35:46 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.04.01 15:13:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.04.01 15:13:06 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.03.31 12:55:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.01.21 09:15:58 | 000,676,444 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,147,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,372,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,636,302 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,120,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.05.03 22:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys [2006.04.04 10:54:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\AegisI5.exe [2006.04.04 10:54:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\acs.exe [2005.10.11 20:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe [2005.02.02 02:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe [2003.01.18 00:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2002.09.06 11:36:16 | 000,124,416 | ---- | C] () -- C:\Windows\lame_enc.dll [2001.11.19 21:13:36 | 000,401,408 | ---- | C] () -- C:\Windows\stepbuttons.dll [1997.12.08 02:03:00 | 000,067,104 | ---- | C] () -- C:\Windows\Paul-setup.exe [1996.12.14 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE [1996.12.14 00:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL [1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL [1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL ========== LOP Check ========== [2011.05.07 09:09:07 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\.minecraft [2011.05.02 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\.purple [2009.06.07 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Amazon [2010.06.16 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Bioshock [2011.07.27 04:45:28 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\BitTorrent [2010.03.20 03:11:16 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\CocoonSoftware [2011.07.27 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\DAEMON Tools Lite [2010.01.07 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\DataCast [2011.05.07 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\FreeFLVConverter [2010.03.19 02:08:08 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\FreeScreenToVideo [2010.09.13 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\gtk-2.0 [2010.09.16 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Gutscheinmieze [2011.09.07 09:57:20 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\ICQ [2008.07.11 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\ICQLite [2010.05.21 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\kikin [2009.03.16 00:57:41 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\McLoad [2008.07.11 17:02:31 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Miranda [2009.01.26 18:52:11 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\MobileAction [2010.02.21 15:18:58 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\OfficeRecovery [2009.07.11 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\phonostar-Player [2009.09.02 22:10:05 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\QIP [2009.01.27 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Simple Star [2009.10.10 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Template [2010.02.13 03:03:33 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\TuneUp Software [2011.09.09 11:41:12 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.06 17:21:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.09.24 20:45:00 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.26 20:05:00 | 000,000,000 | ---D | M] -- C:\codec-info [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.07.06 17:13:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.21 11:12:00 | 000,000,000 | ---D | M] -- C:\Lexmark [2008.07.22 16:34:36 | 000,000,000 | ---D | M] -- C:\Medion [2008.12.14 17:16:51 | 000,000,000 | ---D | M] -- C:\MISSION [2009.12.30 01:05:48 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.04.11 14:08:14 | 000,000,000 | ---D | M] -- C:\MyWorks [2011.07.26 20:05:37 | 000,000,000 | ---D | M] -- C:\premiumsoft [2011.09.09 11:13:23 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.09 11:13:28 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.07.06 17:13:53 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.26 22:35:43 | 000,000,000 | ---D | M] -- C:\SCANJET [2010.04.26 22:35:15 | 000,000,000 | ---D | M] -- C:\sj655 [2011.09.09 11:49:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.09.10 16:50:13 | 000,000,000 | ---D | M] -- C:\Temp [2008.08.13 17:07:50 | 000,000,000 | ---D | M] -- C:\UbiSoft [2008.07.06 17:20:40 | 000,000,000 | R--D | M] -- C:\Users [2011.09.06 09:40:26 | 000,000,000 | ---D | M] -- C:\Windows [2008.09.08 18:09:57 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-07 10:45:19 ========== Alternate Data Streams ========== @Alternate Data Stream - 638 bytes -> C:\Users\Yvi\Documents\spielenachmittag_-abend (_.eml:OECustomProperty < End of report > extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.09.2011 11:47:25 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Yvi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,88% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 217,11 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32
Drive I: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B0C170-4D3E-4220-8806-7B4DFB611ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{301A28D9-CC67-4FE2-8B26-D665F65D4A4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{364F9AB9-CEAD-40C0-B336-5ED7879EDB9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{374AA3E9-BECE-406A-BE1B-8B0FD04F1E31}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C2BC6EC-0637-4601-951A-7303CCAF4A07}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E6CBDD9-EE41-4F52-960B-C8F9CDDE33BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{5053EE42-2E21-4FE4-8881-0601ACC88EA2}" = lport=445 | protocol=6 | dir=in | app=system |
"{6315892C-D473-49B7-8F20-1A8ED331D15E}" = rport=445 | protocol=6 | dir=out | app=system |
"{938A4075-8CAE-4F26-8D57-B74B9A2EE048}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99D1D08F-C6D5-425A-9014-4ECB60B94255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A96EC6AF-069F-4379-891B-A345E2474029}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD991224-1357-49D3-8726-CF904A505482}" = lport=138 | protocol=17 | dir=in | app=system |
"{BE398DE8-3201-49E8-ADBC-F46042B97ECF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFC98B4E-D51C-4DA4-AFF5-A028A3DE2EA9}" = rport=138 | protocol=17 | dir=out | app=system |
"{C1475E40-24B1-4FFF-A329-3E65431C3D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C28AB338-CAFD-46A5-BC32-145B10F172C5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D93B6D11-83F7-4271-B8E2-AB0640D0D2F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE938DAD-8629-4527-B9C5-5AEED97DA6A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA8D3940-7FCB-4579-9781-02766D1A9834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEC9DC91-6481-4BCF-AAC1-BAADA9EC4BCA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D951E-4861-453B-901B-1EF29E63CF57}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{093236E9-D90F-4986-B244-F0B18590F6A0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{117F21C4-B9E7-4DFC-8AE6-42A8806367A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15B796D0-5EFE-403A-A917-800241CEFE02}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1819669A-AD67-4511-A125-B22B637B4629}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{21EEE702-1043-4380-87AF-2970844E1791}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2A558AC9-D23D-4CD3-AC52-CD81711C0E8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E62EB71-CB0D-4B06-9592-977E7BBF7796}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{308D2295-71F2-4777-87F5-1104A680C0DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{38937176-D46E-4694-998C-E95BDD7375EB}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{46513B2D-194A-44AA-B067-0C8E8F02DCF7}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{50B9C9C9-A1D0-4F0C-AA50-E41C4ECEDDF3}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{57ECFFB6-EF28-401C-897A-44476F1ABD67}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{594004F0-2A09-483B-91BF-4D96DD6F2B66}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{63FC5AAA-6C37-42DF-AC8B-F14FB3E99E6B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{643FEC32-4A59-4FAF-A51B-99F09C40C03E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{71D114BC-6C6E-4FC7-8DEE-3E8ED76F80BD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{801DACCE-AE80-4329-8BAD-EC6C4596EA63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{83176666-185A-4014-8152-2B23C109B985}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{8C699785-9625-43BA-AB25-C594F590809F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9524F062-4C15-4AF3-8582-D91DBC8CD54D}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{9C14FC8A-2BEA-41B0-AED8-DB4FBB1F4FCC}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{A23348EC-8353-4649-8231-9F5AD5933B53}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AB86E956-9CF0-48C6-BC39-EC91EE0BAFD0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B2A01903-1FAC-43F7-A777-2605A8DE79B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1542B42-FF23-4DFF-A108-8AF67F8E1BE8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C1EEF1A2-B250-4167-9072-CDB0E6C177D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2305E0C-B8F1-4AEE-B832-EC3F8934AB45}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{C5B90965-B043-49F8-8BA4-7461C5FB297E}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{C67D9EE5-7862-4C72-A75B-7BE3C586CD38}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{CBBA7441-09EC-4A30-B508-4CB710C4E265}" = protocol=17 | dir=in | app=h:\alicecd.exe |
"{CBED4B7D-6ADB-4FA3-83E9-EACB94B0B187}" = protocol=6 | dir=in | app=h:\alicecd.exe |
"{CDF15067-DE91-4CAE-A73C-F5E97415021B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D51B741C-B7F5-4FC3-BCB8-47FFCAAC9247}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D8CE8103-5595-4C2F-99D8-CC9C951791B2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{E8C2FD35-6555-4A19-BC75-6213CC7B096D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EBF3EF6B-003A-4A6E-9FC8-EEA0C30A7FA9}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{F08C870D-303D-4F00-A6B5-C75E96C59164}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0F45DF03-7D18-447E-936E-7FDEA313F8B6}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{21466352-AFCF-4A72-B7F3-D051827C336A}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"TCP Query User{25517D32-3BBE-4F96-AD06-27246CD5D3A8}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{3A49D631-774B-42DF-9341-387C659B1311}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5DE6BB2A-72C3-40A2-86F8-08F592AFAF7D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6BA400C8-CB2B-41CF-B9CA-2A228FA4B9C5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6E6CD1D4-4901-4C1E-82CF-A331D2144C95}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{764975D0-697D-49EA-BE14-C9CA57365678}C:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe |
"TCP Query User{771C3396-4F64-4140-B573-98F14F3D749F}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{7CC3CF82-1508-4F6D-8E3C-25F6F123992F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7CF55CB3-859F-4B58-BE1C-C96A59538D6F}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{8A2E5674-4EBC-4A2C-A204-E489D7DA7E5A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{90654FFA-076A-4A6F-A317-2305C715BF36}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{B0FB3946-E5DD-4E20-8215-8F646724789A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{C41EE633-9212-412A-B674-DE95A3093775}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DB015508-EC3B-43CD-AC65-860DAF153450}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{E194A3EF-9D0D-4CBA-B62C-DB5691C9755E}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"TCP Query User{EE253F81-E48A-4D20-8E9C-7ABE340BF2D5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F1632741-3E4F-454D-83F3-633240A552E3}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{167DDB5A-EA87-404C-B78E-B106B8531B1E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{26E6A495-7922-4E96-86DC-79A2589BA61D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4AE1D26A-6F4F-4EB5-A2D0-C9B5F230A643}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{5101F411-7B56-4B95-8B51-5F515D46342E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{59A5DE72-F107-4106-90E9-451B23866882}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
"UDP Query User{5B0E64F6-545E-4396-8021-7009DFB001C4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{6EF9A5EB-BD7F-455F-9AD0-EC862F951F12}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{775CEE26-DAA8-4EC6-A769-FE74D6F99CCB}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"UDP Query User{7AD709A3-2A29-408A-873D-14C1B13571E6}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{9B532CAD-DAF1-4BED-BFB9-C722A13D8656}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{A2C099DA-A91F-4F43-9587-3A2F59418EBC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B29507D8-C45E-43F9-BCF8-BFD52D230D92}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C694473C-0D09-4512-B17F-53AAE6FE1F1A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CE1BD52C-C9E1-4C1C-97FB-DEE0BF229275}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{D7BD00A0-C1D4-410D-A592-65FEBD5FB20C}C:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\yvi\downloads\ipcurve100win32\ipcurve\ipcurve.exe |
"UDP Query User{E9E4396A-DD90-4318-9E16-450869B8D4E4}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{EEA85A52-3E76-482B-A917-6D2181392618}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F6570E4F-22BE-43F7-AC11-6651B26FA4B2}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe |
"UDP Query User{F70EE985-5887-4D9D-A36A-4AF01AC26FBA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BB5CFE-8B85-4568-9A85-68F99D19680E}" = Audio 180 %
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{36BBA884-C697-48B6-B496-5F329215E249}" = BioShock Demo
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C101)
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769033E4-C119-496A-8144-3F468081F8D7}" = Movavi Video Suite 8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1}" = Siemens Data Suite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.0.104 (01/2010)
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4CF84DC-055D-469B-AFEC-FFB9E5FB770B}" = TrekStor i.Beat censo
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F701F7AC-B6A5-4B97-8901-B6C08649FCDF}" = TrekStor i.Beat cebrax FM
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced MP3 Converter_is1" = Advanced MP3 Converter 2.20
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"Crossrider" = Crossrider Web Apps
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Sims" = Die Sims
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doro_is1" = Doro 1.42
"Eufloria_is1" = Eufloria v2.07
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (nur entfernen)
"hedgewars" = Hedgewars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PrecisionScan LT Software" = HP PrecisionScan LT Software
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1}" = Siemens Data Suite
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"JDownloader" = JDownloader
"kikin Plugin (Murb.com Edition)" = kikin Plugin (Murb.com Edition) 1.11
"LetsTrade" = LetsTrade Komponenten
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"M55 USB-Handset Manager" = M55 USB-Handset Manager
"McLoad Preinstaller" = McLoad Preinstaller
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mpeg Video Wizard DVD 5.0" = MPEG Video Wizard DVD 5.0.0.104 (01/2010)
"MyFreeCodec" = MyFreeCodec
"NVIDIA Drivers" = NVIDIA Drivers
"OEMaster-Daten-ExportfürOutlookExpress" = OEMaster - DBX-Reader und Daten-Export für Outlook Express
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenAL" = OpenAL
"PDF-XChange 3_is1" = PDF-XChange 3
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"Pidgin" = Pidgin
"PPTP" = Pink Panthers Gefährliche Mission
"RealPlayer 6.0" = RealPlayer
"Rmtablet" = GRAFIKABLETT MD 85637
"Siemens S55 Colour Scheme Editor_is1" = Siemens S55 Colour Scheme Editor 0.9.14
"Steam App 400" = Portal
"Steam App 620" = Portal 2
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft AVI MPEG Converter" = Xilisoft AVI MPEG Converter
"Zuma Deluxe RA" = Zuma Deluxe RA
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"QIP Infium" = QIP Infium 2.0.9032 RC4
"QUICKMEDIACONVERTER" = QMC
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2009 10:27:31 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description =
Error - 03.11.2009 11:27:38 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2009 17:08:15 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2009 11:01:10 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2009 13:08:54 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2009 13:45:15 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description =
Error - 04.11.2009 16:53:49 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.11.2009 17:38:41 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description =
Error - 04.11.2009 17:38:53 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193
Description =
Error - 04.11.2009 18:03:47 | Computer Name = Yvi-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 12.05.2010 05:15:22 | Computer Name = Yvi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 570
seconds with 360 seconds of active time. This session ended with a crash.
Error - 27.03.2011 10:18:40 | Computer Name = Yvi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.09.2011 05:43:05 | Computer Name = Yvi-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.
Error - 08.09.2011 07:44:11 | Computer Name = Yvi-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 08.09.2011 07:44:30 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08.09.2011 07:44:30 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.09.2011 10:53:28 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08.09.2011 10:53:28 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09.09.2011 05:09:40 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.09.2011 05:09:40 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09.09.2011 05:42:50 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.09.2011 05:42:50 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
09.09.2011, 21:40
| #4 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehr Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
|
|
09.09.2011, 22:01
| #5 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: MEDIONPC BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MEDIONPC System Product Name: MS-7501 Logical Drives Mask: 0x000001fc Kernel Drivers (total 152): 0x82606000 \SystemRoot\system32\ntkrnlpa.exe 0x829C0000 \SystemRoot\system32\hal.dll 0x80403000 \SystemRoot\system32\kdcom.dll 0x8040A000 \SystemRoot\system32\PSHED.dll 0x8041B000 \SystemRoot\system32\BOOTVID.dll 0x80423000 \SystemRoot\system32\CLFS.SYS 0x80464000 \SystemRoot\system32\CI.dll 0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys 0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80609000 \SystemRoot\system32\drivers\acpi.sys 0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80658000 \SystemRoot\system32\drivers\msisadrv.sys 0x80660000 \SystemRoot\system32\drivers\pci.sys 0x80687000 \SystemRoot\System32\drivers\partmgr.sys 0x80696000 \SystemRoot\system32\drivers\volmgr.sys 0x806A5000 \SystemRoot\System32\drivers\volmgrx.sys 0x806EF000 \SystemRoot\system32\DRIVERS\amdide.sys 0x806F6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x80704000 \SystemRoot\System32\drivers\mountmgr.sys 0x80714000 \SystemRoot\system32\drivers\atapi.sys 0x8071C000 \SystemRoot\system32\drivers\ataport.SYS 0x8073A000 \SystemRoot\system32\drivers\fltmgr.sys 0x8076C000 \SystemRoot\system32\drivers\fileinfo.sys 0x8077C000 \SystemRoot\System32\Drivers\ksecdd.sys 0x83001000 \SystemRoot\system32\drivers\ndis.sys 0x8310C000 \SystemRoot\system32\drivers\msrpc.sys 0x83137000 \SystemRoot\system32\drivers\NETIO.SYS 0x83204000 \SystemRoot\System32\drivers\tcpip.sys 0x832F1000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8A80E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8A91E000 \SystemRoot\system32\drivers\volsnap.sys 0x8A957000 \SystemRoot\System32\Drivers\spldr.sys 0x8A95F000 \SystemRoot\System32\Drivers\mup.sys 0x8A96E000 \SystemRoot\System32\drivers\ecache.sys 0x8A995000 \SystemRoot\system32\drivers\disk.sys 0x8A9A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8A9C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8A9CF000 \SystemRoot\system32\drivers\crcdisk.sys 0x8330C000 \SystemRoot\system32\DRIVERS\ahcix86s.sys 0x8334D000 \SystemRoot\system32\DRIVERS\storport.sys 0x8A9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8A800000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x833CF000 \SystemRoot\system32\DRIVERS\processr.sys 0x90406000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x90B20000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x90BC0000 \SystemRoot\System32\drivers\watchdog.sys 0x83172000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x90BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x90BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x833DE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x90BEA000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x831B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x831F1000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90E05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90E92000 \SystemRoot\system32\DRIVERS\serial.sys 0x90EAC000 \SystemRoot\system32\DRIVERS\serenum.sys 0x90EB6000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x90ED5000 \SystemRoot\system32\DRIVERS\serscan.sys 0x90EDD000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x90F0C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90F17000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90F2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x90F39000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x90F5C000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x90F6B000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x90F7F000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x90F94000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90FA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90FAF000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90FBA000 \SystemRoot\system32\DRIVERS\swenum.sys 0x90FBC000 \SystemRoot\system32\DRIVERS\ks.sys 0x9120D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys 0x91248000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x91252000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9125F000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x91294000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9360A000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x9380B000 \SystemRoot\system32\drivers\portcls.sys 0x93838000 \SystemRoot\system32\drivers\drmk.sys 0x9385D000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x93884000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x9388D000 \SystemRoot\System32\Drivers\Null.SYS 0x93894000 \SystemRoot\System32\Drivers\Beep.SYS 0x938A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x938AB000 \SystemRoot\System32\drivers\vga.sys 0x938B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x938D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x938E0000 \SystemRoot\system32\drivers\rdpencdd.sys 0x938E8000 \SystemRoot\System32\Drivers\Msfs.SYS 0x938F3000 \SystemRoot\System32\Drivers\Npfs.SYS 0x93901000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x9390A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x93920000 \SystemRoot\system32\DRIVERS\smb.sys 0x93934000 \SystemRoot\system32\drivers\afd.sys 0x9397C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x93991000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x93993000 \SystemRoot\System32\DRIVERS\netbt.sys 0x939C5000 \SystemRoot\system32\DRIVERS\pacer.sys 0x939DB000 \SystemRoot\system32\DRIVERS\netbios.sys 0x939E9000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x912A5000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x93600000 \SystemRoot\system32\drivers\nsiproxy.sys 0x912E1000 \SystemRoot\System32\Drivers\dfsc.sys 0x912F8000 \SystemRoot\system32\DRIVERS\netr28u.sys 0x9138C000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x91396000 \SystemRoot\System32\Drivers\fastfat.SYS 0x913BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9389B000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x913D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x913E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x913EE000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x91200000 \SystemRoot\System32\Drivers\crashdmp.sys 0x913F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x8338E000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys 0x9CAC0000 \SystemRoot\System32\win32k.sys 0x90FE6000 \SystemRoot\System32\drivers\Dxapi.sys 0x90FF0000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9CCE0000 \SystemRoot\System32\TSDDD.dll 0x805CD000 \SystemRoot\system32\drivers\luafv.sys 0x9CD00000 \SystemRoot\System32\cdd.dll 0xA2406000 \SystemRoot\system32\drivers\spsys.sys 0xA24B6000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA24C6000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA24F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA24FA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA250D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA2523000 \SystemRoot\system32\drivers\HTTP.sys 0xA2590000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA25AD000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA25C6000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA25DB000 \SystemRoot\system32\drivers\mrxdav.sys 0xA5407000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA5426000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA545F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA5477000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA549F000 \SystemRoot\System32\DRIVERS\srv.sys 0xA54EE000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0xA6A03000 \SystemRoot\system32\drivers\peauth.sys 0xA6AE1000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA6AEB000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0xA6AF5000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA6B01000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA6B16000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA6B28000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl 0xA6B45000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl 0xA6B62000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys 0xA6B77000 \??\C:\Windows\system32\drivers\mbam.sys 0xA6B7B000 \SystemRoot\system32\DRIVERS\udfs.sys 0xA6BB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA6BBF000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3CFEB9A-DF84-4231-AD9C-668D005270FE}\MpKsld95bc85b.sys 0x9CD10000 \SystemRoot\System32\ATMFD.DLL 0x77B20000 \Windows\System32\ntdll.dll Processes (total 70): 0 System Idle Process 4 System 456 C:\Windows\System32\smss.exe 536 csrss.exe 584 C:\Windows\System32\wininit.exe 596 csrss.exe 632 C:\Windows\System32\services.exe 644 C:\Windows\System32\lsass.exe 652 C:\Windows\System32\lsm.exe 808 C:\Windows\System32\svchost.exe 856 C:\Windows\System32\nvvsvc.exe 892 C:\Windows\System32\svchost.exe 936 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 1032 C:\Windows\System32\svchost.exe 1080 C:\Windows\System32\winlogon.exe 1108 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1248 C:\Windows\System32\audiodg.exe 1284 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\SLsvc.exe 1368 C:\Windows\System32\svchost.exe 1524 C:\Windows\System32\svchost.exe 1644 C:\Windows\System32\rundll32.exe 1940 C:\Windows\System32\spoolsv.exe 1968 C:\Windows\System32\svchost.exe 284 C:\Windows\System32\dwm.exe 336 C:\Windows\explorer.exe 272 C:\Windows\System32\taskeng.exe 796 C:\Windows\System32\taskeng.exe 1104 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe 820 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 1328 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 2180 C:\Windows\System32\lxeacoms.exe 2236 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2328 C:\Windows\System32\IoctlSvc.exe 2344 C:\Windows\System32\svchost.exe 2408 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2632 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe 2720 C:\Windows\System32\svchost.exe 2780 C:\Windows\System32\svchost.exe 2812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2856 C:\Windows\System32\SearchIndexer.exe 3156 WUDFHost.exe 3312 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 3344 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3636 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 3848 C:\Windows\System32\rundll32.exe 3912 C:\Windows\System32\atwtusb.exe 4000 C:\Program Files\Lexmark S300-S400 Series\ezprint.exe 4024 C:\Program Files\Microsoft Security Client\msseces.exe 4084 C:\Windows\ehome\ehtray.exe 2200 C:\Program Files\CrossriderWebApps\Crossrider.exe 2264 C:\Program Files\DAEMON Tools Lite\DTLite.exe 2308 C:\Program Files\NETGEAR\WG311T\wlancfg5.exe 1768 C:\Windows\ehome\ehmsas.exe 2564 C:\Windows\System32\WTMKM.exe 3720 C:\Windows\System32\wbem\unsecapp.exe 3080 WmiPrvSE.exe 1812 C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe 3816 C:\Windows\System32\svchost.exe 3128 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe 2544 C:\Windows\System32\wuauclt.exe 3532 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 3924 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe 5056 C:\Windows\System32\SearchProtocolHost.exe 5608 C:\Windows\System32\SearchFilterHost.exe 6028 C:\Program Files\Mozilla Firefox\firefox.exe 5672 C:\Program Files\Mozilla Firefox\plugin-container.exe 2336 C:\Users\Yvi\Desktop\MBRCheck.exe 4556 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70839c00 (FAT32) PhysicalDrive0 Model Number: WDC WD5000AACS-00ZUB0, Rev: 1.10 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 RE: Windows 98 MBR code detected SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E Done! dankeschön für die fixen antworten |
|
09.09.2011, 22:14
| #6 | |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehrZitat:
Hast Du mehrere Betriebssyteme? |
|
09.09.2011, 22:41
| #7 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr hm.. soweit ich bis eben dachte, nein. es ist zwar noch ein zweiter pc vorhanden, über den zwecks älterer spiele 98 läuft, aber hier sollte nichts davon zu finden sein.. ich bin mir gerade nicht sicher, ob ich vor einigen jahren mal bei diesem pc auf einer partition 98 installiert hatte, um mich beim booten für eins der beiden systeme entscheiden zu können, aber selbst wenn dem so wäre, sollte inzwischen nix mehr davon übrig sein. wäre die meldung denn dann beunruhigend oder gleichgültig? |
|
11.09.2011, 23:22
| #8 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehr Melde mich Morgen, sorry. |
|
12.09.2011, 17:52
| #9 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehr MBR mit aswMBR von Avast wiederherstellen Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop nicht woanders hin, falls noch nicht vorhanden. Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen. Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen. Klicke Scan, um den Suchlauf zu starten. Wenn der Scan beendet ist, was mit Scan finished sucessfull! angezeigt wird, klicke auf FixMBR, um den MBR wiederherzustellen. |
|
12.09.2011, 23:24
| #10 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr nabend, alles nach plan durchgeführt. bereit für eventuelle nächste schritte (: |
|
13.09.2011, 17:44
| #11 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehr
|
|
13.09.2011, 18:33
| #12 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: MEDIONPC BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MEDIONPC System Product Name: MS-7501 Logical Drives Mask: 0x000001fc Kernel Drivers (total 152): 0x82606000 \SystemRoot\system32\ntkrnlpa.exe 0x829C0000 \SystemRoot\system32\hal.dll 0x80403000 \SystemRoot\system32\kdcom.dll 0x8040A000 \SystemRoot\system32\PSHED.dll 0x8041B000 \SystemRoot\system32\BOOTVID.dll 0x80423000 \SystemRoot\system32\CLFS.SYS 0x80464000 \SystemRoot\system32\CI.dll 0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys 0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80609000 \SystemRoot\system32\drivers\acpi.sys 0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80658000 \SystemRoot\system32\drivers\msisadrv.sys 0x80660000 \SystemRoot\system32\drivers\pci.sys 0x80687000 \SystemRoot\System32\drivers\partmgr.sys 0x80696000 \SystemRoot\system32\drivers\volmgr.sys 0x806A5000 \SystemRoot\System32\drivers\volmgrx.sys 0x806EF000 \SystemRoot\system32\DRIVERS\amdide.sys 0x806F6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x80704000 \SystemRoot\System32\drivers\mountmgr.sys 0x80714000 \SystemRoot\system32\drivers\atapi.sys 0x8071C000 \SystemRoot\system32\drivers\ataport.SYS 0x8073A000 \SystemRoot\system32\drivers\fltmgr.sys 0x8076C000 \SystemRoot\system32\drivers\fileinfo.sys 0x8077C000 \SystemRoot\System32\Drivers\ksecdd.sys 0x83001000 \SystemRoot\system32\drivers\ndis.sys 0x8310C000 \SystemRoot\system32\drivers\msrpc.sys 0x83137000 \SystemRoot\system32\drivers\NETIO.SYS 0x83204000 \SystemRoot\System32\drivers\tcpip.sys 0x832F1000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8A80E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8A91E000 \SystemRoot\system32\drivers\volsnap.sys 0x8A957000 \SystemRoot\System32\Drivers\spldr.sys 0x8A95F000 \SystemRoot\System32\Drivers\mup.sys 0x8A96E000 \SystemRoot\System32\drivers\ecache.sys 0x8A995000 \SystemRoot\system32\drivers\disk.sys 0x8A9A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8A9C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8A9CF000 \SystemRoot\system32\drivers\crcdisk.sys 0x8330C000 \SystemRoot\system32\DRIVERS\ahcix86s.sys 0x8334D000 \SystemRoot\system32\DRIVERS\storport.sys 0x8A9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8A800000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x833CF000 \SystemRoot\system32\DRIVERS\processr.sys 0x90406000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x90B20000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x90BC0000 \SystemRoot\System32\drivers\watchdog.sys 0x83172000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x90BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x90BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x833DE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x90BEA000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x831B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x831F1000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90E05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90E92000 \SystemRoot\system32\DRIVERS\serial.sys 0x90EAC000 \SystemRoot\system32\DRIVERS\serenum.sys 0x90EB6000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x90ED5000 \SystemRoot\system32\DRIVERS\serscan.sys 0x90EDD000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x90F0C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90F17000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90F2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x90F39000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x90F5C000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x90F6B000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x90F7F000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x90F94000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90FA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90FAF000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90FBA000 \SystemRoot\system32\DRIVERS\swenum.sys 0x90FBC000 \SystemRoot\system32\DRIVERS\ks.sys 0x9120D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys 0x91248000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x91252000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9125F000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x91294000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9360A000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x9380B000 \SystemRoot\system32\drivers\portcls.sys 0x93838000 \SystemRoot\system32\drivers\drmk.sys 0x9385D000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x93884000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x9388D000 \SystemRoot\System32\Drivers\Null.SYS 0x93894000 \SystemRoot\System32\Drivers\Beep.SYS 0x938A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x938AB000 \SystemRoot\System32\drivers\vga.sys 0x938B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x938D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x938E0000 \SystemRoot\system32\drivers\rdpencdd.sys 0x938E8000 \SystemRoot\System32\Drivers\Msfs.SYS 0x938F3000 \SystemRoot\System32\Drivers\Npfs.SYS 0x93901000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x9390A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x93920000 \SystemRoot\system32\DRIVERS\smb.sys 0x93934000 \SystemRoot\system32\drivers\afd.sys 0x9397C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x93991000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x93993000 \SystemRoot\System32\DRIVERS\netbt.sys 0x939C5000 \SystemRoot\system32\DRIVERS\pacer.sys 0x939DB000 \SystemRoot\system32\DRIVERS\netbios.sys 0x939E9000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x912A5000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x93600000 \SystemRoot\system32\drivers\nsiproxy.sys 0x912E1000 \SystemRoot\System32\Drivers\dfsc.sys 0x912F8000 \SystemRoot\system32\DRIVERS\netr28u.sys 0x9138C000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x91396000 \SystemRoot\System32\Drivers\fastfat.SYS 0x913BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9389B000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x913D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x913E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x913EE000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x91200000 \SystemRoot\System32\Drivers\crashdmp.sys 0x913F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x8338E000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys 0x9CAC0000 \SystemRoot\System32\win32k.sys 0x90FE6000 \SystemRoot\System32\drivers\Dxapi.sys 0x90FF0000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9CCE0000 \SystemRoot\System32\TSDDD.dll 0x805CD000 \SystemRoot\system32\drivers\luafv.sys 0x9CD00000 \SystemRoot\System32\cdd.dll 0xA2406000 \SystemRoot\system32\drivers\spsys.sys 0xA24B6000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA24C6000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA24F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA24FA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA250D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA2523000 \SystemRoot\system32\drivers\HTTP.sys 0xA2590000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA25AD000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA25C6000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA25DB000 \SystemRoot\system32\drivers\mrxdav.sys 0xA5407000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA5426000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA545F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA5477000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA549F000 \SystemRoot\System32\DRIVERS\srv.sys 0xA54EE000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0xA6A03000 \SystemRoot\system32\drivers\peauth.sys 0xA6AE1000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA6AEB000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0xA6AF5000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA6B01000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA6B16000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA6B28000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl 0xA6B45000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl 0xA6B62000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys 0xA6B77000 \??\C:\Windows\system32\drivers\mbam.sys 0xA6B7B000 \SystemRoot\system32\DRIVERS\udfs.sys 0xA6BB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA6BBF000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3CFEB9A-DF84-4231-AD9C-668D005270FE}\MpKsld95bc85b.sys 0x9CD10000 \SystemRoot\System32\ATMFD.DLL 0x77B20000 \Windows\System32\ntdll.dll Processes (total 70): 0 System Idle Process 4 System 456 C:\Windows\System32\smss.exe 536 csrss.exe 584 C:\Windows\System32\wininit.exe 596 csrss.exe 632 C:\Windows\System32\services.exe 644 C:\Windows\System32\lsass.exe 652 C:\Windows\System32\lsm.exe 808 C:\Windows\System32\svchost.exe 856 C:\Windows\System32\nvvsvc.exe 892 C:\Windows\System32\svchost.exe 936 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 1032 C:\Windows\System32\svchost.exe 1080 C:\Windows\System32\winlogon.exe 1108 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1248 C:\Windows\System32\audiodg.exe 1284 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\SLsvc.exe 1368 C:\Windows\System32\svchost.exe 1524 C:\Windows\System32\svchost.exe 1644 C:\Windows\System32\rundll32.exe 1940 C:\Windows\System32\spoolsv.exe 1968 C:\Windows\System32\svchost.exe 284 C:\Windows\System32\dwm.exe 336 C:\Windows\explorer.exe 272 C:\Windows\System32\taskeng.exe 796 C:\Windows\System32\taskeng.exe 1104 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe 820 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 1328 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 2180 C:\Windows\System32\lxeacoms.exe 2236 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2328 C:\Windows\System32\IoctlSvc.exe 2344 C:\Windows\System32\svchost.exe 2408 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2632 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe 2720 C:\Windows\System32\svchost.exe 2780 C:\Windows\System32\svchost.exe 2812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2856 C:\Windows\System32\SearchIndexer.exe 3156 WUDFHost.exe 3312 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 3344 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3636 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 3848 C:\Windows\System32\rundll32.exe 3912 C:\Windows\System32\atwtusb.exe 4000 C:\Program Files\Lexmark S300-S400 Series\ezprint.exe 4024 C:\Program Files\Microsoft Security Client\msseces.exe 4084 C:\Windows\ehome\ehtray.exe 2200 C:\Program Files\CrossriderWebApps\Crossrider.exe 2264 C:\Program Files\DAEMON Tools Lite\DTLite.exe 2308 C:\Program Files\NETGEAR\WG311T\wlancfg5.exe 1768 C:\Windows\ehome\ehmsas.exe 2564 C:\Windows\System32\WTMKM.exe 3720 C:\Windows\System32\wbem\unsecapp.exe 3080 WmiPrvSE.exe 1812 C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe 3816 C:\Windows\System32\svchost.exe 3128 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe 2544 C:\Windows\System32\wuauclt.exe 3532 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 3924 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe 5056 C:\Windows\System32\SearchProtocolHost.exe 5608 C:\Windows\System32\SearchFilterHost.exe 6028 C:\Program Files\Mozilla Firefox\firefox.exe 5672 C:\Program Files\Mozilla Firefox\plugin-container.exe 2336 C:\Users\Yvi\Desktop\MBRCheck.exe 4556 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70839c00 (FAT32) PhysicalDrive0 Model Number: WDC WD5000AACS-00ZUB0, Rev: 1.10 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 RE: Windows 98 MBR code detected SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E Done! |
|
14.09.2011, 22:10
| #13 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehrCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
15.09.2011, 08:28
| #14 |
| | smiley auf dunklem bildschirm, windows startete nicht mehr Combofix Logfile: Code:
ATTFilter ComboFix 11-09-15.01 - Yvi 15.09.2011 9:17.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1979 [GMT 2:00]
ausgeführt von:: c:\users\Yvi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL80ED.tmp
c:\programdata\SPLA639.tmp
c:\programdata\SPLBCE8.tmp
c:\users\Yvi\AppData\Local\ApplicationHistory
c:\users\Yvi\AppData\Local\ApplicationHistory\EULA.exe.4fced5c1.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\EULALauncher.exe.4df5db01.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\GnabClient.exe.a8f69416.ini.inuse
c:\users\Yvi\AppData\Local\ApplicationHistory\GnabTray.exe.4aaf3909.ini.inuse
c:\users\Yvi\AppData\Local\ApplicationHistory\install.exe.b34347e0.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\InstallUtil.exe.89c0d2f9.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\shell-assoc.exe.92c8add.ini
c:\users\Yvi\AppData\Local\ApplicationHistory\uninstall-helper.exe.11771944.ini
c:\users\Yvi\hedgewars-win32.exe
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-15 bis 2011-09-15 ))))))))))))))))))))))))))))))
.
.
2011-09-15 07:24 . 2011-09-15 07:25 -------- d-----w- c:\users\Yvi\AppData\Local\temp
2011-09-15 07:24 . 2011-09-15 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-14 09:06 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 08:43 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AFBCD1-C7CF-4845-8EE2-2C36A63B1517}\mpengine.dll
2011-09-09 09:13 . 2011-09-09 09:13 -------- d-----w- c:\users\Yvi\AppData\Roaming\Malwarebytes
2011-09-09 09:13 . 2011-09-09 09:13 -------- d-----w- c:\programdata\Malwarebytes
2011-09-08 11:55 . 2011-04-15 18:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0CA8B81-7919-4E6F-94FE-7B7BAA5B24DD}\gapaengine.dll
2011-09-06 07:35 . 2011-09-06 07:35 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2011-09-06 07:35 . 2011-09-06 07:35 -------- d-----w- c:\program files\Cisco Systems
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2011-08-29 19:55 . 2011-08-29 19:55 -------- d-----w- c:\users\Yvi\atomix
2011-08-27 20:32 . 2011-09-08 11:44 -------- d-----w- c:\program files\Common Files\Steam
2011-08-27 20:32 . 2011-09-08 11:44 -------- d-----w- c:\program files\Steam
2011-08-24 16:47 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-17 15:49 . 2011-09-04 10:43 -------- d-----w- c:\users\Yvi\AppData\Local\Solid State Networks
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-04-17 12:41 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-05 15:47 . 2011-08-05 15:47 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-27 10:12 . 2011-07-27 10:12 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-26 19:37 . 2011-07-25 20:41 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-26 19:37 . 2011-07-25 20:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-23 11:04 . 2011-08-10 16:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-10 16:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-10 16:10 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-10 16:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-13 03:39 . 2011-07-27 10:26 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-07 19:11 . 2011-07-07 19:11 0 ---ha-w- c:\users\Yvi\AppData\Local\BIT64AD.tmp
2011-07-06 15:31 . 2011-08-09 20:11 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-22 20:42 . 2011-05-19 06:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 08:54 . 2011-08-09 20:11 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-09 20:11 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-09 20:11 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-09 20:11 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-17 13:31 . 2011-08-09 20:11 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-12-14 20:27 . 2008-09-24 21:02 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35 799472 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"atwtusb"="atwtusb.exe" [2007-05-29 360096]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-5-18 1499136]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-9-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk
backup=c:\windows\pss\w98Eject.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-01-30 07:32 91432 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 20:27 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2010-05-05 07:18 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
2008-07-14 13:18 126976 ----a-w- c:\program files\phonostar\ps_timer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-02-15 14:16 172032 ----a-w- c:\program files\HomeCinema\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 11:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-27 20:32 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-25 10:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2008-04-11 13:55 937984 ----a-w- c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 135664]
R3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\DRIVERS\hp4200c.sys [2001-02-18 9312]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 utblfilt;utblfilt;c:\windows\system32\drivers\utblfilt.sys [2001-05-23 12084]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-27 218688]
S1 MpKslbda35929;MpKslbda35929;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AFBCD1-C7CF-4845-8EE2-2C36A63B1517}\MpKslbda35929.sys [2011-09-15 28752]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 598696]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2008-02-28 1801216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLBDA35929
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-06 21:33]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:10]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 21:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yodl.de/?&affid=1&uid=5ABE1BC3-76C2-4620-8ACC-E089E690C969
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\luyqcj2o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.ninwiki.com/Special:Random
FF - prefs.js: keyword.URL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\programdata\CodecCheck\firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-espaces - c:\premiumsoft\PhotoFun\photofun.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-7-Zip - c:\users\Yvi\Desktop\Desktop\7-Zip\Uninstall.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Die Sims - c:\windows\IsUn0407.exe
AddRemove-Pflanzen gegen Zombies - c:\users\Yvi\ZombiesVSplants\Plants vs. Zombies\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-15 09:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2011-09-15 09:27:08
ComboFix-quarantined-files.txt 2011-09-15 07:27
.
Vor Suchlauf: 15 Verzeichnis(se), 210.703.769.600 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 212.607.864.832 Bytes frei
.
- - End Of File - - 23892E331FEB6A23A23A7253E81A6607
|
|
15.09.2011, 08:31
| #15 |
| /// Malwareteam | smiley auf dunklem bildschirm, windows startete nicht mehr Und erscheint das smiley noch? |
|
| Themen zu smiley auf dunklem bildschirm, windows startete nicht mehr |
| angezeigt, bildschirm, bli, empfehlen, essen, frage, gen, heute, hochfahren, microsoft, microsoft security, microsoft security essentials, neustart, nicht mehr, nichts, problem, problemlos, schwarzer bildschirm, security, smiley, starten, strg, thema, thread, vista, windows, wirklich |
Textbox.
Linear-Darstellung
