|
Log-Analyse und Auswertung: FW defeckt? USB Tojaner? unerwüntschte WeiterleitungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.12.2011, 20:27 | #1 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen kurz mal mein System: habe einen Lenovo Win7 Pc Home Premium SP1 64bit Intel core i7 hatte vor ein paar Wochen den Bundestojaner auf dem PC und auch erfolgreich entfernt (hoffe ich). So sieht der aus hxxp://geyerstation.de/wp-content/uploads/2011/11/bundestrojaner2_t1-6d7321f2faec3eee.jpg nun habe ich aber immer noch einige Probleme mit dem PC die da wären: 1) Win Fire-Wall läst sich nicht aktiviren hxxp://forum.computerbild.de/attachments/programme/win7-windows-firewall-laesst-aktivieren-22094d1311457174-firewall-aktiviert-.jpg wen ich sie dann manuell aktivieren möchte kommt diese Meldung: "einige der Einstellungen können von der windows-firewall nicht geändert werden Fehlercode 0x8007042c" 2) Sobald ich einen USB-Stick einstecke entsteht dort ein Ordner (kann ich nur mit winrar sehen) namens: "84612795" der leer ist. außerdem werde die Ordner die vorher waren nur als Verknüpfung angezeigt und lassen sich nicht öffnen (mit winrar sehe ich die normalen Ordner wider). und in Winrar gibt es eine Kopie der Ordner mit der Endung .ink Natürlich habe ich alle Ordner auf sichtbar gemacht. Hier mal ein Bild von mir: hier in Groß hxxp://s1.directupload.net/images/111211/lavjr9nb.jpg 3) ab und zu findet Windows defender einen Trojaner: Trojaner:Win32/Sirefef.P Ressourcen: file: C:\Windows\assembly\GAC_32\Desktop.ini den ich dann auch sofort lösche 4) dann funktioniert meine suche nicht vernünftig kleines Beispiel suche die Datei "HiJackThis204.exe" und nix wird gefunden wobei die Datei unter Downloads ist(meine die suche bei "Start" bzw. Win-Taste) wen ich aber auf das Laufwerk C: gehe und nach " HiJackThis204.exe" suche findet er es. 5) so zu guter letzt habe ich desöfteren Weiterleitungen mit meinem Internet-Explorer (seltener bei Google Chrome) auf den Seiten: kozanekozasearchsystem.com redirect.ad-feeds.com viewster.com rg45clickmaster.com hier mal mein Logfile von HiJackThis Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:00:20, on 11.12.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe C:\Program Files\Lenovo\HealthCare\HealthCare.exe C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 217.23.4.166 www.google-analytics.com. O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net. O1 - Hosts: 217.23.4.166 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun O4 - HKLM\..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe /hide O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Programme\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [PowerSuite] "I:\PROGRA~1\Schutz\POWERS~1\launcher.exe" delay 20000 -m O4 - HKCU\..\Run: [Microsoft® Windows Update] C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: LenovoCOMService (LenovoCOMSvc) - Lenovo - C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe O23 - Service: LitModeCtrl - Lenovo - C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Spiele\internet\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10127 bytes Code:
ATTFilter O1 - Hosts: 217.23.4.166 www.google-analytics.com. O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net. O1 - Hosts: 217.23.4.166 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O4 - HKCU\..\Run: [Microsoft® Windows Update] C:\Users\Marvin\M-1-52-5782-8752-5245\winsvc.exe O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:50:51, on 11.12.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\Downloads\HiJackThis204.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 217.23.4.166 www.google-analytics.com. O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net. O1 - Hosts: 217.23.4.166 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun O4 - HKLM\..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe /hide O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Programme\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [PowerSuite] "I:\PROGRA~1\Schutz\POWERS~1\launcher.exe" delay 20000 -m O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: LenovoCOMService (LenovoCOMSvc) - Lenovo - C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe O23 - Service: LitModeCtrl - Lenovo - C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Spiele\internet\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10311 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8352 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 11.12.2011 20:02:54 mbam-log-2011-12-11 (20-02-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|N:\|Q:\|) Durchsuchte Objekte: 597272 Laufzeit: 1 Stunde(n), 19 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\Marvin\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken. Infizierte Dateien: c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> No action taken. Danke. konnte leider keine Links einfügen deswegen immer die URL |
11.12.2011, 20:58 | #2 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen OTL.txt
__________________Code:
ATTFilter OTL logfile created on: 11.12.2011 20:47:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marvin\Desktop\otl 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,94 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,86% Memory free 11,93 Gb Paging File | 10,25 Gb Available in Paging File | 85,87% Paging File free Paging file location(s): C:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919,47 Gb Total Space | 550,20 Gb Free Space | 59,84% Space Free | Partition Type: NTFS Drive I: | 918,37 Gb Total Space | 812,23 Gb Free Space | 88,44% Space Free | Partition Type: NTFS Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.11 20:43:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\otl\OTL.exe PRC - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- I:\Spiele\internet\Tunngle\TnglCtrl.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.09 19:54:18 | 001,599,888 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2011.07.18 16:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- I:\Programme\Schutz\PowerSuite\powersuite.exe PRC - [2011.07.18 15:17:16 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- I:\Programme\Schutz\SpeedUpMyPC\sump.exe PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe PRC - [2009.09.28 10:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\HealthCare\HealthCare.exe PRC - [2009.09.27 10:37:22 | 000,163,840 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeSwitch.exe PRC - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 02:30:39 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll MOD - [2011.10.14 02:26:41 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 02:26:20 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:26:15 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 02:26:04 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.14 02:26:01 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 02:25:58 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 02:25:58 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 02:25:51 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.07.18 16:08:22 | 000,131,584 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\locale\de\de.dll MOD - [2011.07.18 16:08:22 | 000,047,616 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\cache.dll MOD - [2011.07.18 16:08:22 | 000,013,312 | ---- | M] () -- I:\Programme\Schutz\PowerSuite\cwebpage.dll MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.09.14 07:00:11 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.09.09 08:24:38 | 000,057,344 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\de-de\de-de.dll MOD - [2008.12.30 10:09:34 | 002,088,960 | ---- | M] () -- C:\Programme\Lenovo\Power Dial\LitModeSwitchRes.dll MOD - [2008.09.27 07:39:26 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\HOOK.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.02.05 13:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService) SRV:64bit: - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc) SRV:64bit: - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl) SRV - [2011.10.14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- I:\Spiele\internet\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2011.09.29 20:23:10 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\windows\SysWow64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.12 11:47:24 | 000,096,752 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01) SRV - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- I:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.09 20:44:12 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.21 12:27:21 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.08.21 12:22:09 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.08.09 23:32:57 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.07.10 15:43:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.23 10:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009.08.10 07:38:32 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.08.06 11:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008.04.08 04:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.02 10:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D0 0C B8 38 B4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.05.10 15:30:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.16 17:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.18 15:38:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\Mozilla\Extensions [2011.10.18 15:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\MARVIN\APPDATA\ROAMING\GENIEO\APPLICATION\EXT\SENSOR_FF [2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = I:\PFiles\Plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marvin\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Marvin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ O1 HOSTS File: ([2011.11.27 17:22:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 217.23.4.166 www.google-analytics.com. O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net. O1 - Hosts: 217.23.4.166 www.statcounter.com. O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - Reg Error: Value error. File not found O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Programme\Schutz\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [PowerSuite] I:\Programme\Schutz\PowerSuite\Launcher.exe (Uniblue Systems Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93496D7E-FC92-4851-937A-CB8EDF4EF0B0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3215cd84-ab03-11e0-ab81-4437e60acb1a}\Shell - "" = AutoRun O33 - MountPoints2\{3215cd84-ab03-11e0-ab81-4437e60acb1a}\Shell\AutoRun\command - "" = M:\setup.exe O33 - MountPoints2\{3215cd89-ab03-11e0-ab81-4437e60acb1a}\Shell - "" = AutoRun O33 - MountPoints2\{3215cd89-ab03-11e0-ab81-4437e60acb1a}\Shell\AutoRun\command - "" = K:\start.exe O33 - MountPoints2\{8de20088-7a9c-11e0-8002-4437e60acb1a}\Shell - "" = AutoRun O33 - MountPoints2\{8de20088-7a9c-11e0-8002-4437e60acb1a}\Shell\AutoRun\command - "" = L:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - I:\Programme\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: GenieoSystemTray - hkey= - key= - File not found MsConfig:64bit - StartUpReg: GenieoUpdaterService - hkey= - key= - File not found MsConfig:64bit - StartUpReg: jmekey - hkey= - key= - C:\Program Files (x86)\jmesoft\hotkey.exe (JME) MsConfig:64bit - StartUpReg: PowerSuite - hkey= - key= - I:\Programme\Schutz\PowerSuite\Launcher.exe (Uniblue Systems Limited) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - I:\Programme\Player\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} - hkey= - key= - File not found MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: vProt - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.11 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\otl [2011.12.11 18:56:18 | 000,000,000 | RHSD | C] -- C:\Users\Marvin\M-1-52-5782-8752-5245 [2011.12.08 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.05 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\hesselmann [2011.12.02 18:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite [2011.11.27 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\BCE60 [2011.11.27 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\927BC [2011.11.27 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\zhhTTXwjUCelIrP [2011.11.27 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\tGG55sQQJ6EK8RZ [2011.11.27 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\rzzOONtxA0uc [2011.11.27 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\p333pnnG5 [2011.11.27 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\jRLL99hTXqjUekB [2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Tunngle [2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Tunngle [2011.11.25 23:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2011.11.25 23:44:24 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\windows\SysNative\drivers\tap0901t.sys [2011.11.25 23:44:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2011.11.25 23:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011.11.25 16:20:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2011.11.23 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\2 [2011.11.22 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Battlefield 3 [2011.11.22 17:27:51 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\rld-bf3 [2011.11.22 17:19:53 | 032,908,800 | ---- | C] (EA Digital Illusions CE AB) -- C:\Users\Marvin\Desktop\bf3.exe [2011.11.22 17:11:38 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\bf3mp-rzr-bta [2011.11.22 17:03:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2011.11.19 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\Update [2011.11.19 01:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Archive Password Recovery [2011.11.19 01:39:13 | 000,000,000 | -HSD | C] -- C:\Users\Marvin\AppData\Local\8cfd349e [2011.11.19 01:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft [2011.11.19 01:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery [2011.11.19 01:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore [2010.09.24 15:50:59 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe ========== Files - Modified Within 30 Days ========== [2011.12.11 20:48:38 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 20:48:38 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 20:47:13 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011.12.11 20:47:13 | 000,654,372 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2011.12.11 20:47:13 | 000,616,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2011.12.11 20:47:13 | 000,129,986 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2011.12.11 20:47:13 | 000,106,376 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2011.12.11 20:41:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011.12.11 20:41:10 | 485,347,327 | -HS- | M] () -- C:\hiberfil.sys [2011.12.11 20:38:55 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\Access.dat [2011.12.11 20:38:19 | 000,000,156 | ---- | M] () -- C:\Users\Marvin\defogger_reenable [2011.12.11 20:18:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427846483-774009953-675166152-1001UA.job [2011.12.11 20:18:00 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427846483-774009953-675166152-1001Core.job [2011.12.10 01:39:00 | 1035,508,469 | ---- | M] () -- C:\windows\MEMORY.DMP [2011.12.08 21:16:35 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.06 19:38:44 | 002,195,906 | ---- | M] () -- C:\Users\Marvin\Desktop\v8uggl5b.jpg [2011.12.06 19:38:44 | 002,195,906 | ---- | M] () -- C:\Users\Marvin\Desktop\v8uggl5b - Kopie.jpg [2011.12.04 18:37:24 | 000,000,693 | ---- | M] () -- C:\Users\Marvin\Desktop\1 - Kopie.bat [2011.12.04 17:56:12 | 000,001,007 | ---- | M] () -- C:\Users\Marvin\Desktop\1.bat [2011.12.04 06:34:27 | 000,007,600 | ---- | M] () -- C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg [2011.12.03 17:03:33 | 000,000,717 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk [2011.12.02 19:30:37 | 000,001,955 | ---- | M] () -- C:\Users\Marvin\Desktop\WinSetupFromUSB.lnk [2011.11.27 17:22:10 | 000,001,392 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2011.11.26 01:16:39 | 004,941,680 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2011.11.25 23:44:25 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011.11.25 16:20:20 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\cd.dat [2011.11.22 16:57:28 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2011.11.19 16:23:59 | 000,011,634 | ---- | M] () -- C:\Users\Marvin\Desktop\Update.rar [2011.11.19 01:54:00 | 000,001,008 | ---- | M] () -- C:\windows\ARCHPR.INI [2011.11.19 00:13:56 | 000,019,903 | ---- | M] () -- C:\Users\Marvin\Desktop\sss.html ========== Files Created - No Company Name ========== [2011.12.11 20:38:19 | 000,000,156 | ---- | C] () -- C:\Users\Marvin\defogger_reenable [2011.12.08 21:16:35 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.06 19:45:16 | 002,195,906 | ---- | C] () -- C:\Users\Marvin\Desktop\v8uggl5b - Kopie.jpg [2011.12.06 19:35:52 | 002,195,906 | ---- | C] () -- C:\Users\Marvin\Desktop\v8uggl5b.jpg [2011.12.04 17:56:19 | 000,000,693 | ---- | C] () -- C:\Users\Marvin\Desktop\1 - Kopie.bat [2011.12.04 17:00:03 | 000,001,007 | ---- | C] () -- C:\Users\Marvin\Desktop\1.bat [2011.12.03 17:03:33 | 000,000,717 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk [2011.12.02 17:57:04 | 000,001,955 | ---- | C] () -- C:\Users\Marvin\Desktop\WinSetupFromUSB.lnk [2011.11.28 00:28:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat [2011.11.25 23:44:25 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011.11.25 16:20:20 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\cd.dat [2011.11.25 16:20:09 | 1035,508,469 | ---- | C] () -- C:\windows\MEMORY.DMP [2011.11.19 16:23:57 | 000,011,634 | ---- | C] () -- C:\Users\Marvin\Desktop\Update.rar [2011.11.19 01:51:56 | 000,001,008 | ---- | C] () -- C:\windows\ARCHPR.INI [2011.11.19 00:12:40 | 000,019,903 | ---- | C] () -- C:\Users\Marvin\Desktop\sss.html [2011.10.24 20:40:15 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2011.09.29 20:23:15 | 000,280,904 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.09.29 20:23:10 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2011.08.26 21:28:23 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll [2011.08.26 21:13:44 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2011.08.26 21:11:35 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll [2011.05.30 04:51:15 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.05.25 15:25:07 | 000,007,600 | ---- | C] () -- C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2010.09.25 01:23:36 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2010.09.25 01:23:35 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2009.07.26 22:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011.06.08 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\.minecraft [2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\927BC [2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\BCE60 [2011.06.24 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Blender Foundation [2011.07.30 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\FileZilla [2011.08.26 21:28:28 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\FreeAudioPack [2011.08.27 08:04:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Genieo [2011.07.30 21:45:23 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Jens Lorek [2011.11.27 17:20:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\jRLL99hTXqjUekB [2011.06.26 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MAXON [2011.05.26 15:25:52 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Notepad++ [2011.08.26 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\OpenCandy [2011.11.22 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Origin [2011.11.27 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\p333pnnG5 [2011.05.10 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\PACE Anti-Piracy [2011.11.27 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\rzzOONtxA0uc [2011.11.24 05:57:00 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\SoftGrid Client [2011.05.10 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.10.09 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Sytexis Software [2011.11.27 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\tGG55sQQJ6EK8RZ [2011.05.30 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TP [2011.10.08 00:11:43 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TS3Client [2011.09.13 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\ts3overlay [2011.11.26 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Tunngle [2011.07.17 14:49:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Uniblue [2011.12.09 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\uTorrent [2011.11.27 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\zhhTTXwjUCelIrP [2011.11.25 16:20:19 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.09 20:02:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.08 11:58:56 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.26 03:01:44 | 000,000,000 | -HSD | M] -- C:\Boot [2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.14 15:35:24 | 000,000,000 | ---D | M] -- C:\Drivers [2010.09.24 15:29:19 | 000,000,000 | ---D | M] -- C:\Intel [2011.07.25 18:27:28 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.10.08 12:04:31 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.08 20:57:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.07 05:48:20 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.09 20:02:27 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.11 20:51:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.09.24 15:56:09 | 000,000,000 | ---D | M] -- C:\Templenovo [2011.06.24 11:59:16 | 000,000,000 | ---D | M] -- C:\tmp [2011.05.09 20:02:32 | 000,000,000 | ---D | M] -- C:\Users [2011.12.10 01:39:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2006.02.28 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\Users\Marvin\Downloads\111usb xp\win xp von iso\I386\REGEDIT.EXE [2006.02.28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\Users\Marvin\Downloads\111usb xp\winL\I386\REGEDIT.EXE [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe [2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\Users\Marvin\Downloads\111usb xp\win xp 2\I386\REGEDIT.EXE [2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\Users\Marvin\Downloads\111usb xp\win xp cd\WXPSP1_DE\I386\REGEDIT.EXE < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 1126 bytes -> C:\Users\Marvin\AppData\Local\Temp:FEFcpEaOBT7B4EM5nlZM7LDt < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.12.2011 20:47:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marvin\Desktop\otl 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,94 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,86% Memory free 11,93 Gb Paging File | 10,25 Gb Available in Paging File | 85,87% Paging File free Paging file location(s): C:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919,47 Gb Total Space | 550,20 Gb Free Space | 59,84% Space Free | Partition Type: NTFS Drive I: | 918,37 Gb Total Space | 812,23 Gb Free Space | 88,44% Space Free | Partition Type: NTFS Computer Name: MARVIN-PC | User Name: Marvin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- I:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- I:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "I:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{2FF4F477-2D6E-12F0-A32E-749C05345D3D}" = ccc-utility64 "{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Blender" = Blender "MAXON12D7161C" = NET Render Client / CINEMA 4D 11.530 "MAXONDF60C9BB" = CINEMA 4D Demo 12.021 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PROSet" = Intel(R) Network Connections Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05912563-6E7E-450E-9510-B327DD05A831}" = Catalyst Control Center - Branding "{06C7E071-2332-1F6F-B1F2-0859231776A4}" = CCC Help Chinese Standard "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0E7CCE-E1F3-483E-98A5-FCB131AA8735}" = Genesys USB Mass Storage Device "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0EE78E05-93E6-228D-3CDC-B789A88967D2}" = CCC Help Thai "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11A53AF0-BACC-EC34-856E-B577705F918C}" = CCC Help Russian "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1DFF4592-4BE6-DA0A-F51F-209E029393D5}" = Catalyst Control Center Graphics Previews Common "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22A3701B-230D-BB08-0C2B-7079E7B393CF}" = ccc-core-static "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22E9D18A-BA47-2982-B186-5B9D8B1D5A6E}" = Catalyst Control Center InstallProxy "{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox! "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{30AE7F6A-7520-8143-F8F3-CDAA1EFEEE1A}" = CCC Help Greek "{3167A895-579D-AD84-E159-FC78F0267E4E}" = CCC Help Finnish "{31B2FCA8-E303-F2D1-FF9C-60D9DAAF2279}" = Catalyst Control Center Graphics Light "{31F02EA5-6E18-2669-DF26-5C7CE693117A}" = CCC Help Dutch "{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation "{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta "{47E1443B-24B2-8FC8-6ED7-A8B635488620}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACE30D2-2769-ECF2-E5B1-55B170A6646D}" = Catalyst Control Center Graphics Full Existing "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{58872B3A-DC34-73CD-9CAF-C0911802BDA4}" = CCC Help Japanese "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{607C50A1-3577-38A1-B750-7D43A8B7F818}" = CCC Help French "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66D4F501-A0D4-1D47-8DD6-B14E14201EE6}" = CCC Help English "{6803ED4F-1FD9-A831-A881-1D5CDB692558}" = CCC Help Spanish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6ADDDBA5-60F3-8753-8759-F3FFE59FB0B3}" = CCC Help Chinese Traditional "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite "{85BB7BA8-84EC-8604-F20C-69F6323C4662}" = CCC Help Swedish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D40721A-6C0E-6214-C0CB-A1A6513E2E8D}" = Catalyst Control Center Graphics Previews Vista "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9DED577E-73FB-4F6F-B4C7-85D4FAAEF4D1}" = CCC Help Turkish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AE3D06C4-389E-91D1-D720-D607263B8268}" = CCC Help Portuguese "{B673638D-5EE9-4E6A-0A4C-0F230C9236E1}" = CCC Help Korean "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE96ADE2-B0DD-89E0-EE25-ADD44CE5AFD5}" = Catalyst Control Center Localization All "{D064BA6A-E756-8029-EFCF-64EFE8E04CB5}" = CCC Help Czech "{D094BB2A-384F-6488-0468-6F0EABAFAAD3}" = CCC Help Polish "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT "{D40D3778-2EFD-BE3E-9BE5-CA0A432F6D76}" = Catalyst Control Center Graphics Full New "{D503841B-2A7C-A2B9-9008-992EC80D6AE3}" = CCC Help Italian "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{EF2DF595-9250-E6D0-8CFA-1E6D6A2F2080}" = CCC Help Danish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}" = Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper "{F733873A-D4B9-A563-E051-62A6A9D2EB55}" = CCC Help German "{F76BC600-E90E-5ABD-A75F-07EC808B4C5F}" = Catalyst Control Center Core Implementation "{F84691A3-49CB-FD8B-A76D-90FD18997AE8}" = CCC Help Hungarian "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F90F759A-78EF-4370-B25E-EC5F710D1097}" = Power Dial "Adobe AIR" = Adobe AIR "AutoItv3" = AutoIt v3.3.6.1 "Battlelog Web Plugins" = Battlelog Web Plugins "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup" = DivX-Setup "ESN Sonar-0.70.0" = ESN Sonar "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MinecraftAlpha" = MinecraftAlpha "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "nLite_is1" = nLite 1.4.9.1 "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PE Builder_is1" = PE Builder 3.1.10a "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "RealFlow 2012" = RealFlow 2012 "RealFlow 5" = RealFlow 5 "S3 Gold" = The Settlers III Gold Edition "Searchqu 0 MediaBar" = Windows Searchqu Toolbar "Siedler3Deinstall" = Siedler3 "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.11 "Web Stream Recorder 2010" = Web Stream Recorder 2010 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.5.0 "Google Chrome" = Google Chrome "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.12.2011 13:45:18 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x163c Startzeit der fehlerhaften Anwendung: 0x01ccb5d12521a3a3 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 63fc13e9-21c4-11e1-9b12-4437e60acb1a Error - 08.12.2011 14:00:20 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1648 Startzeit der fehlerhaften Anwendung: 0x01ccb5d33ed64873 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 7da6cd4c-21c6-11e1-9b12-4437e60acb1a Error - 08.12.2011 14:15:22 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0xa1c Startzeit der fehlerhaften Anwendung: 0x01ccb5d55883218f Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 97321462-21c8-11e1-9b12-4437e60acb1a Error - 08.12.2011 14:30:24 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000018e3d ID des fehlerhaften Prozesses: 0x15f4 Startzeit der fehlerhaften Anwendung: 0x01ccb5d772021075 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: b0e1b0ef-21ca-11e1-9b12-4437e60acb1a Error - 08.12.2011 14:45:26 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x155c Startzeit der fehlerhaften Anwendung: 0x01ccb5d98bb669b0 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ca607a1e-21cc-11e1-9b12-4437e60acb1a Error - 08.12.2011 14:56:34 | Computer Name = Marvin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.12.2011 14:57:30 | Computer Name = Marvin-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 08.12.2011 15:00:26 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x13e4 Startzeit der fehlerhaften Anwendung: 0x01ccb5dba55b7dd5 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e3580df6-21ce-11e1-9b12-4437e60acb1a Error - 08.12.2011 15:15:28 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x904 Startzeit der fehlerhaften Anwendung: 0x01ccb5ddbe2b6442 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fd06e5db-21d0-11e1-9b12-4437e60acb1a Error - 08.12.2011 15:30:30 | Computer Name = Marvin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000000000018e3d ID des fehlerhaften Prozesses: 0x1858 Startzeit der fehlerhaften Anwendung: 0x01ccb5dfd7d3fca3 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 169c4435-21d3-11e1-9b12-4437e60acb1a [ Media Center Events ] Error - 16.08.2011 22:10:38 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 04:10:38 - Fehler beim Herstellen der Internetverbindung. 04:10:38 - Serververbindung konnte nicht hergestellt werden.. Error - 16.08.2011 22:10:43 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 04:10:43 - Fehler beim Herstellen der Internetverbindung. 04:10:43 - Serververbindung konnte nicht hergestellt werden.. Error - 16.08.2011 23:10:48 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 05:10:48 - Fehler beim Herstellen der Internetverbindung. 05:10:48 - Serververbindung konnte nicht hergestellt werden.. Error - 16.08.2011 23:10:53 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 05:10:53 - Fehler beim Herstellen der Internetverbindung. 05:10:53 - Serververbindung konnte nicht hergestellt werden.. Error - 17.08.2011 00:10:58 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 06:10:58 - Fehler beim Herstellen der Internetverbindung. 06:10:58 - Serververbindung konnte nicht hergestellt werden.. Error - 17.08.2011 00:11:03 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 06:11:03 - Fehler beim Herstellen der Internetverbindung. 06:11:03 - Serververbindung konnte nicht hergestellt werden.. Error - 18.08.2011 11:45:31 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 17:45:31 - Fehler beim Herstellen der Internetverbindung. 17:45:31 - Serververbindung konnte nicht hergestellt werden.. Error - 18.08.2011 11:45:40 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 17:45:36 - Fehler beim Herstellen der Internetverbindung. 17:45:36 - Serververbindung konnte nicht hergestellt werden.. Error - 18.11.2011 11:22:46 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 16:22:46 - Fehler beim Herstellen der Internetverbindung. 16:22:46 - Serververbindung konnte nicht hergestellt werden.. Error - 18.11.2011 11:22:57 | Computer Name = Marvin-PC | Source = MCUpdate | ID = 0 Description = 16:22:52 - Fehler beim Herstellen der Internetverbindung. 16:22:52 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 07.12.2011 11:17:12 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\system32\athExt.dll Fehlercode: 126 Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 07.12.2011 17:47:18 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 07.12.2011 17:47:20 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 07.12.2011 17:47:35 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 08.12.2011 00:30:22 | Computer Name = Marvin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\system32\athExt.dll Fehlercode: 126 Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 08.12.2011 00:30:23 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
12.12.2011, 15:45 | #3 |
/// Malware-holic | FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen 1. warum fixt du einfach irgendwelche einträge, willst du das die programme dann evtl. nicht mehr richtig laufen?
__________________2. nutzt du das system für onlinebanking einkäufe sonstige zahlungsabwicklungen oder sonst was wichtiges?
__________________ |
12.12.2011, 16:46 | #4 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen zu 1. ich habe diese gefixd da ich diese nicht installiert habe und sie dem Pc schaden ich finde dann sollte man soetwas fixen und nicht rauszögern, nach erneutem Scan mit HijackThis sind die eh wider da also hat das fixen nix gebracht, und deswegen hoffte ich hier nach einer Lösung. zu 2. Nein, keinerlei Geschäftsabwicklung mit dem Pc. |
12.12.2011, 16:56 | #5 |
/// Malware-holic | FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen 1. blödsinn, nur 1 eintrag davon war gefährlich. 2. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.12.2011, 18:59 | #6 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen die Seite hxxp://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird kann ich nicht erreichen werde mir woanders eine anleitung suchen |
12.12.2011, 19:43 | #7 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen habe nun combo gestartet und nach dem automatischen neustart komme ich nicht mehr in i-net weil ich weder Google Chrome I-net explorer oder FF start kann meldung "es wurde versucht einen registrierungsschlüssel einem unzulässigen vorgang zu unterziehen der zum löschen markiert wurde" diese meldung kommt aber bei mehreren programmen vom calc.exe(rechner) bis zum editor. die combofix ist im anhang |
12.12.2011, 19:54 | #8 |
/// Malware-holic | FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen starte mal neu dann ist die meldung weg
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.12.2011, 19:55 | #9 |
/// Malware-holic | FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.12.2011, 19:59 | #10 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen jap kann auch malware starten und läuft bereits nach einen erneutem neustart, sobald er fertig ist poste ich das Log. |
12.12.2011, 21:07 | #11 |
| FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen so Maleware ist fertig hier der log Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8357 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 12.12.2011 21:06:28 mbam-log-2011-12-12 (21-06-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|Q:\|) Durchsuchte Objekte: 600816 Laufzeit: 1 Stunde(n), 7 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\Marvin\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Infizierte Dateien: i:\programme\test\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully. c:\Users\Marvin\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
12.12.2011, 21:32 | #12 |
/// Malware-holic | FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen also, dein pc ist ziemlich stark infiziert. auch wenn du kein onlinebanking machst könnte es sein das dein pc für straftaten missbraucht wird. man kann nie 100 %ig sicher sagen das dieses system vernünftig, heißt vollständig, zu bereinigen ist. deswegen würde ich vorschlagen dieses system, nach datensicherung, bilder dokumente musik filme, neu aufzusetzen, vernünftig abzusichern und dann alle passwörter zu endern, natürlich werde ich dir gern dabei helfen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu FW defeckt? USB Tojaner? unerwüntschte Weiterleitungen |
0x8007042c, adobe, bho, bundestojaner, defender, dll, einstellungen, excel, fehlercode 0x8007042c, google, google chrome, hijack, hijackthis, home, internet explorer, laufwerk c, lenovo, logfile, nicht öffnen, notification, ordner, performance, plug-in, realtek, rundll, schutz, searchqu toolbar, security, seiten, software, suche, system, tojaner, trojan.agent.ge, usb, wmp |