| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Keylogger oder Malware an Board?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.10.2011, 20:46
| #1 |
| |  Keylogger oder Malware an Board? Hilfe! Ich glaube, bei mir ist ein Keylogger oder Malware am Werk. Mein Email bei einem Webanbieter wurde geknackt. Hier habe ich entsprechend Euren Vorschlägen die einzelnen Dateien aufgeführt. OTL OTL logfile created on: 21.10.2011 21:01:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NN\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 50,22% Memory free 7,86 Gb Paging File | 5,70 Gb Available in Paging File | 72,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1356,17 Gb Total Space | 1268,25 Gb Free Space | 93,52% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 21,05 Gb Free Space | 52,62% Space Free | Partition Type: NTFS Computer Name: NN-PC | User Name: NN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.21 20:34:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NN\Downloads\OTL.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.07 18:08:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.09.14 12:12:46 | 001,701,232 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.20 17:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 13:29:26 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll MOD - [2011.10.14 13:29:24 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\4ede0fecbdb3795efa9dca6b77c2031b\System.Messaging.ni.dll MOD - [2011.10.14 13:07:01 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll MOD - [2011.10.14 13:06:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 13:06:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 13:06:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 13:06:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 13:06:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 13:05:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.07 18:08:53 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.08.26 22:44:34 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2010.12.11 11:54:31 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.05.12 10:17:22 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.11 15:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.05.31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.08.25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 87 93 20 0F 47 CC 01 [binary data] IE - HKU\S-1-5-21-225050612-1570215724-562165161-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKU\S-1-5-21-225050612-1570215724-562165161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.12 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.07 18:08:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.08 18:07:08 | 000,000,000 | ---D | M] [2010.12.11 11:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NN\AppData\Roaming\mozilla\Extensions [2011.10.18 21:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NN\AppData\Roaming\mozilla\Firefox\Profiles\f4vngxzo.default\extensions [2011.06.08 22:19:28 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\NN\AppData\Roaming\mozilla\Firefox\Profiles\f4vngxzo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.10.18 21:23:09 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\NN\AppData\Roaming\mozilla\Firefox\Profiles\f4vngxzo.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.07.19 22:00:52 | 000,000,000 | ---D | M] (Web2PDF converter) -- C:\Users\NN\AppData\Roaming\mozilla\Firefox\Profiles\f4vngxzo.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66} [2011.10.02 12:56:44 | 000,000,943 | ---- | M] () -- C:\Users\NN\AppData\Roaming\Mozilla\Firefox\Profiles\f4vngxzo.default\searchplugins\conduit.xml [2011.09.13 21:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.07.20 22:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\NN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4VNGXZO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\NN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4VNGXZO.DEFAULT\EXTENSIONS\KEYLOGGERBEATER@TOPTIP.CA.XPI [2011.10.07 18:08:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.20 22:31:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-225050612-1570215724-562165161-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\NN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Elke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5E01F9-BC4D-48B9-9404-173B1B085D0F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.21 20:13:19 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\Malwarebytes [2011.10.21 20:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.21 20:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.21 20:13:10 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.10.21 20:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.17 22:22:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.10.16 11:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2011.10.16 11:10:02 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll [2011.10.16 11:09:53 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll [2011.10.16 11:09:53 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll [2011.10.16 11:09:50 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll [2011.10.16 11:09:47 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll [2011.10.16 11:09:47 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll [2011.10.16 11:09:46 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll [2011.10.16 11:09:46 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll [2011.10.16 11:09:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs [2011.10.16 11:09:45 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll [2011.10.16 11:09:35 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys [2011.10.16 11:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2011.10.16 11:08:51 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll [2011.10.16 11:08:50 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll [2011.10.16 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\Avira [2011.10.16 10:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.16 10:01:48 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.16 10:01:48 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.16 10:01:48 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.16 10:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.16 10:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.10.16 10:01:03 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.10.14 21:11:14 | 000,000,000 | ---D | C] -- C:\Users\NN\Documents\ForceField Shared Files [2011.10.14 21:11:14 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\CheckPoint [2011.10.14 21:10:53 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\Conduit [2011.10.14 21:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2011.10.14 21:10:41 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll [2011.10.14 21:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2011.10.14 20:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.10.14 20:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.10.14 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.10.14 10:35:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.14 10:35:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.14 10:35:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.14 10:35:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.14 10:35:26 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.10.14 10:35:26 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.10.14 10:35:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.10.14 10:35:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.14 10:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.14 10:08:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.10.14 10:08:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.14 10:08:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.14 10:08:25 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.14 10:08:13 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.14 10:08:13 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.08 18:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.10.08 17:45:16 | 000,000,000 | R--D | C] -- C:\Users\NN\Documents\Scanned Documents [2011.10.08 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\NN\Documents\Fax [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.21 20:58:25 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.21 20:19:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.21 20:13:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.21 19:51:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.21 19:51:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.21 19:43:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.21 19:43:42 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys [2011.10.20 18:27:58 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.20 18:27:58 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.20 18:27:58 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.20 18:27:58 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.20 18:27:58 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.18 07:44:11 | 000,301,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.16 11:12:46 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.10.16 11:10:05 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2011.10.16 11:10:05 | 000,001,070 | ---- | M] () -- C:\Users\NN\Desktop\ZoneAlarm Security.lnk [2011.10.16 10:02:02 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.14 20:02:56 | 000,001,262 | ---- | M] () -- C:\Users\NN\Desktop\Spybot - Search & Destroy.lnk [2011.10.11 15:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.21 20:13:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.16 11:10:05 | 000,001,070 | ---- | C] () -- C:\Users\NN\Desktop\ZoneAlarm Security.lnk [2011.10.16 11:10:04 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml [2011.10.16 11:09:45 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.10.16 10:02:02 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.14 20:02:56 | 000,001,262 | ---- | C] () -- C:\Users\NN\Desktop\Spybot - Search & Destroy.lnk [2011.10.08 18:07:08 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.03.02 20:32:14 | 000,142,407 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2010.12.11 19:17:38 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.12.11 10:51:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.11 10:47:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.04.29 17:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll ========== Files - Unicode (All) ========== [2011.04.17 21:18:41 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 [2011.04.17 21:16:52 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 < End of report > Und hier der Extra.txt OTL Extras logfile created on: 21.10.2011 21:01:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NN\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 50,22% Memory free 7,86 Gb Paging File | 5,70 Gb Available in Paging File | 72,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1356,17 Gb Total Space | 1268,25 Gb Free Space | 93,52% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 21,05 Gb Free Space | 52,62% Space Free | Partition Type: NTFS Computer Name: NN-PC | User Name: NN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-225050612-1570215724-562165161-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4140EA03-7C3F-063D-B437-ADE98B912CF9}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{584337C8-6ACB-86E1-C148-B45D2984278C}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84639CB3-04D4-4758-B1D0-82E531D21F59}" = HD Writer AE 2.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3898F55-9EF3-490F-8AF6-DD9EE5512BC0}" = TAXMAN 2011 spezial "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Klett Mathetrainer 5_is1" = Klett Mathetrainer 5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "WinLiveSuite" = Windows Live Essentials "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.10.2011 10:21:50 | Computer Name = NN-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2bc Startzeit: 01cc8820a693a859 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4befeada-f414-11e0-addb-6c626d886e23 Error - 11.10.2011 10:23:08 | Computer Name = NN-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 808 Startzeit: 01cc882136b86341 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 874c62c0-f414-11e0-addb-6c626d886e23 Error - 11.10.2011 10:24:01 | Computer Name = NN-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5c8 Startzeit: 01cc88214e4f8d69 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: a630251f-f414-11e0-addb-6c626d886e23 Error - 12.10.2011 09:55:20 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.10.2011 14:41:39 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.10.2011 14:51:06 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.10.2011 14:32:51 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.10.2011 14:33:47 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.10.2011 09:31:44 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.10.2011 09:32:28 | Computer Name = NN-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 25.09.2011 13:39:12 | Computer Name = NN-PC | Source = DCOM | ID = 10010 Description = Error - 04.10.2011 09:39:22 | Computer Name = NN-PC | Source = DCOM | ID = 10000 Description = Error - 13.10.2011 09:34:04 | Computer Name = NN-PC | Source = DCOM | ID = 10000 Description = Error - 14.10.2011 15:10:27 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 14.10.2011 15:11:05 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 16.10.2011 03:47:33 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SBSD Security Center Service erreicht. Error - 16.10.2011 03:47:33 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.10.2011 05:09:51 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 16.10.2011 05:15:14 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SBSD Security Center Service erreicht. Error - 16.10.2011 05:15:14 | Computer Name = NN-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Dann habe ich noch MBR.exe laufen lassen. MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: MEDIONPC BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MEDIONPC System Product Name: MS-7708 Logical Drives Mask: 0x000000fc Kernel Drivers (total 184): 0x02C14000 \SystemRoot\system32\ntoskrnl.exe 0x031FD000 \SystemRoot\system32\hal.dll 0x00BBA000 \SystemRoot\system32\kdcom.dll 0x00C33000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C82000 \SystemRoot\system32\PSHED.dll 0x00C96000 \SystemRoot\system32\CLFS.SYS 0x00CF4000 \SystemRoot\system32\CI.dll 0x00E11000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EB5000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EC4000 \SystemRoot\system32\drivers\ACPI.sys 0x00F1B000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00F24000 \SystemRoot\system32\drivers\msisadrv.sys 0x00F2E000 \SystemRoot\system32\drivers\pci.sys 0x00F61000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00F6E000 \SystemRoot\System32\drivers\partmgr.sys 0x00F83000 \SystemRoot\system32\drivers\volmgr.sys 0x00F98000 \SystemRoot\System32\drivers\volmgrx.sys 0x00DB4000 \SystemRoot\System32\drivers\mountmgr.sys 0x00FF4000 \SystemRoot\system32\drivers\atapi.sys 0x00DCE000 \SystemRoot\system32\drivers\ataport.SYS 0x00E00000 \SystemRoot\system32\drivers\msahci.sys 0x00C00000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x00C10000 \SystemRoot\system32\drivers\amdxata.sys 0x01050000 \SystemRoot\system32\drivers\fltmgr.sys 0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys 0x01234000 \SystemRoot\System32\Drivers\Ntfs.sys 0x010B0000 \SystemRoot\System32\Drivers\msrpc.sys 0x013D7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0110E000 \SystemRoot\System32\Drivers\cng.sys 0x01200000 \SystemRoot\System32\drivers\pcw.sys 0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01451000 \SystemRoot\system32\drivers\ndis.sys 0x01544000 \SystemRoot\system32\drivers\NETIO.SYS 0x015A4000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x01804000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0184E000 \SystemRoot\system32\drivers\volsnap.sys 0x0189A000 \SystemRoot\System32\Drivers\spldr.sys 0x018A2000 \SystemRoot\System32\drivers\rdyboost.sys 0x018DC000 \SystemRoot\System32\Drivers\mup.sys 0x018EE000 \SystemRoot\System32\drivers\hwpolicy.sys 0x018F7000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01931000 \SystemRoot\system32\DRIVERS\disk.sys 0x01947000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x019AF000 \SystemRoot\system32\drivers\cdrom.sys 0x019D9000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS 0x019E7000 \SystemRoot\System32\Drivers\Null.SYS 0x019F0000 \SystemRoot\System32\Drivers\Beep.SYS 0x015CF000 \SystemRoot\System32\drivers\vga.sys 0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01425000 \SystemRoot\System32\drivers\watchdog.sys 0x019F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01435000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0143E000 \SystemRoot\system32\drivers\rdprefmp.sys 0x015DD000 \SystemRoot\System32\Drivers\Msfs.SYS 0x015E8000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01180000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0121B000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03AA7000 \SystemRoot\system32\drivers\afd.sys 0x03B30000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03A00000 \SystemRoot\system32\DRIVERS\vsdatant.sys 0x03A95000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x03B75000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03B9B000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x03BB1000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03BC0000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03BDB000 \SystemRoot\system32\drivers\termdd.sys 0x011A2000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03BEF000 \SystemRoot\system32\drivers\nsiproxy.sys 0x01228000 \SystemRoot\system32\drivers\mssmbios.sys 0x01000000 \SystemRoot\System32\drivers\discache.sys 0x0100F000 \SystemRoot\System32\Drivers\dfsc.sys 0x0102D000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x01447000 \SystemRoot\system32\DRIVERS\avkmgr.sys 0x02C8E000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x02CB4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x02CDA000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x02CF0000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x048FC000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x04800000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x02D36000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04FD8000 \SystemRoot\system32\drivers\HDAudBus.sys 0x02D7C000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys 0x04FFC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x02DAC000 \SystemRoot\system32\drivers\usbehci.sys 0x02C00000 \SystemRoot\system32\drivers\USBPORT.SYS 0x0440A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x0445D000 \SystemRoot\system32\drivers\i8042prt.sys 0x0447B000 \SystemRoot\system32\drivers\kbdclass.sys 0x0448A000 \SystemRoot\system32\drivers\mouclass.sys 0x04499000 \SystemRoot\system32\drivers\CompositeBus.sys 0x044A9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x044BF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x044E3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x044EF000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x0451E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x04539000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x0455A000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04574000 \SystemRoot\system32\drivers\swenum.sys 0x04576000 \SystemRoot\system32\drivers\ks.sys 0x045B9000 \SystemRoot\system32\drivers\umbus.sys 0x045CB000 \SystemRoot\system32\DRIVERS\nusb3hub.sys 0x0503E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x05098000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x050AD000 \SystemRoot\system32\drivers\AtiHdmi.sys 0x050D0000 \SystemRoot\system32\drivers\portcls.sys 0x0510D000 \SystemRoot\system32\drivers\drmk.sys 0x0512F000 \SystemRoot\system32\drivers\ksthunk.sys 0x058E1000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x05B29000 \SystemRoot\System32\Drivers\crashdmp.sys 0x05B37000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x05B43000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x05B4E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00030000 \SystemRoot\System32\win32k.sys 0x05B61000 \SystemRoot\System32\drivers\Dxapi.sys 0x05B6D000 \SystemRoot\system32\DRIVERS\monitor.sys 0x005F0000 \SystemRoot\System32\TSDDD.dll 0x00730000 \SystemRoot\System32\cdd.dll 0x05B7B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x05800000 \SystemRoot\system32\DRIVERS\RTL8192su.sys 0x058C3000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x05B96000 \SystemRoot\system32\drivers\luafv.sys 0x05BB9000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x05BD9000 \SystemRoot\system32\drivers\WudfPf.sys 0x05135000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x058D0000 \SystemRoot\system32\DRIVERS\usbscan.sys 0x05152000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x0515E000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x05173000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x051C6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x051D9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x04671000 \SystemRoot\system32\drivers\HTTP.sys 0x0473A000 \SystemRoot\system32\DRIVERS\bowser.sys 0x04758000 \SystemRoot\System32\drivers\mpsdrv.sys 0x04770000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0479D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x04600000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0669F000 \SystemRoot\system32\drivers\peauth.sys 0x06745000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06750000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x06781000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06793000 \SystemRoot\System32\DRIVERS\srv2.sys 0x06600000 \SystemRoot\System32\DRIVERS\srv.sys 0x04624000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x04655000 \??\C:\Windows\system32\drivers\mbam.sys 0x77B80000 \Windows\System32\ntdll.dll 0x480D0000 \Windows\System32\smss.exe 0xFFEA0000 \Windows\System32\apisetschema.dll 0xFFD70000 \Windows\System32\autochk.exe 0x77A30000 \Windows\System32\urlmon.dll 0xFFDB0000 \Windows\System32\oleaut32.dll 0xFFD30000 \Windows\System32\difxapi.dll 0x77D50000 \Windows\System32\normaliz.dll 0xFFD10000 \Windows\System32\imagehlp.dll 0x77930000 \Windows\System32\user32.dll 0xFFC70000 \Windows\System32\clbcatq.dll 0xFEEE0000 \Windows\System32\shell32.dll 0xFEE00000 \Windows\System32\advapi32.dll 0xFED60000 \Windows\System32\comdlg32.dll 0xFED50000 \Windows\System32\lpk.dll 0x77D40000 \Windows\System32\psapi.dll 0xFEB70000 \Windows\System32\setupapi.dll 0x77720000 \Windows\System32\iertutil.dll 0xFEB50000 \Windows\System32\sechost.dll 0xFE940000 \Windows\System32\ole32.dll 0x775C0000 \Windows\System32\wininet.dll 0xFE910000 \Windows\System32\imm32.dll 0xFE800000 \Windows\System32\msctf.dll 0xFE7B0000 \Windows\System32\ws2_32.dll 0xFE710000 \Windows\System32\msvcrt.dll 0xFE5E0000 \Windows\System32\rpcrt4.dll 0x774A0000 \Windows\System32\kernel32.dll 0xFE560000 \Windows\System32\shlwapi.dll 0xFE500000 \Windows\System32\Wldap32.dll 0xFE430000 \Windows\System32\usp10.dll 0xFE3C0000 \Windows\System32\gdi32.dll 0xFE3B0000 \Windows\System32\nsi.dll 0xFE310000 \Windows\System32\comctl32.dll 0xFE2F0000 \Windows\System32\devobj.dll 0xFE2B0000 \Windows\System32\wintrust.dll 0xFE140000 \Windows\System32\crypt32.dll 0xFE100000 \Windows\System32\cfgmgr32.dll 0xFE090000 \Windows\System32\KernelBase.dll 0xFE080000 \Windows\System32\msasn1.dll Processes (total 65): 0 System Idle Process 4 System 284 C:\Windows\System32\smss.exe 440 csrss.exe 504 C:\Windows\System32\wininit.exe 528 csrss.exe 572 C:\Windows\System32\winlogon.exe 616 C:\Windows\System32\services.exe 636 C:\Windows\System32\lsass.exe 644 C:\Windows\System32\lsm.exe 744 C:\Windows\System32\svchost.exe 832 C:\Windows\System32\svchost.exe 896 C:\Windows\System32\atiesrxx.exe 964 C:\Windows\System32\svchost.exe 996 C:\Windows\System32\svchost.exe 116 C:\Windows\System32\svchost.exe 816 C:\Windows\System32\svchost.exe 1084 C:\Windows\System32\svchost.exe 1264 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe 1324 C:\Windows\System32\atieclxx.exe 1644 C:\Windows\System32\spoolsv.exe 1696 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1800 C:\Windows\System32\svchost.exe 1916 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1944 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1976 C:\Windows\SysWOW64\bgsvcgen.exe 2040 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 1120 C:\Windows\System32\svchost.exe 1248 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 296 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2024 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 2400 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2408 C:\Windows\System32\conhost.exe 2612 C:\Windows\System32\svchost.exe 2676 WUDFHost.exe 2148 C:\Windows\System32\taskhost.exe 3008 C:\Windows\System32\dwm.exe 292 C:\Windows\explorer.exe 2564 C:\Windows\System32\svchost.exe 1408 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 3056 C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe 2888 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe 1296 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin 3208 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe 3232 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 3260 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3268 C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe 3288 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 3308 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3316 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe 3624 C:\Windows\System32\SearchIndexer.exe 4036 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 1748 C:\Program Files\Windows Media Player\wmpnetwk.exe 1464 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 1708 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 3244 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 1736 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 1480 C:\Windows\System32\audiodg.exe 3684 C:\Windows\System32\cmd.exe 3816 C:\Windows\System32\conhost.exe 2708 <unknown> 424 <unknown> 956 C:\Users\NN\Desktop\MBRCheck.exe 1672 C:\Windows\System32\conhost.exe 1928 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000153`10e00000 (NTFS) PhysicalDrive0 Model Number: WDCWD15EARS-00MVWB0, Rev: 51.0AB51 Size Device Name MBR Status -------------------------------------------- 1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! Und Malwarebytes drüber laufen lassen. Aber mir sagt das leider alles nicht viel. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7994 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 21.10.2011 21:00:14 mbam-log-2011-10-21 (21-00-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 519639 Laufzeit: 45 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Kann mir jemand weiterhelfen? |
| Themen zu Keylogger oder Malware an Board? |
| 64-bit, antivir, avg, avira, bho, build 7601, c:\windows\system32\rundll32.exe, converter, desktop, email, error, fehler, firefox, flash player, format, google earth, helper, home, install.exe, keylogger, langs, logfile, malware, mozilla, nicht möglich, plug-in, realtek, registry, richtlinie, rundll, safer networking, scan, shell32.dll, shortcut, software, usb, usb 3.0, virus, webcheck, windows |
Baum-Darstellung